APromptRiskDBThreat intelligence atlas
AI Security Technique

Infer Training Data Membership - AI Security Technique

Adversaries may infer the membership of a data sample or global characteristics of the data in its training set, which raises privacy concerns. Some strategies make use of a shadow model that could be obtained via Train Proxy via Replication, others use statistics of model prediction scores. This can cause the victim model to leak private information, such as PII of those in the traini...

View mitigationsRead context
AI Security Techniquefeasible

Record summary

A quick snapshot of what this page covers.

Tactics0Attacker goals connected to this method.
Mitigations3Defenses that may help against this attack.
AI risks0Research-backed risks connected to this topic.

Attack context

How this AI attack works in practice.

Adversaries may infer the membership of a data sample or global characteristics of the data in its training set, which raises privacy concerns. Some strategies make use of a shadow model that could be obtained via Train Proxy via Replication, others use statistics of model prediction scores.

This can cause the victim model to leak private information, such as PII of those in the training set or other forms of protected IP.

ATLAS ID
AML.T0024.000
Priority score
19
Maturity: feasible

Mitigations

Defenses that may help against this attack.

AML.M0024 - AI Telemetry Logging

DeploymentMonitoring and Maintenance
LifecycleDeployment + 1 moreCategoryTechnical - Cyber

Telemetry logging can help identify if sensitive data has been exfiltrated.

AML.M0002 - Passive AI Output Obfuscation

DeploymentML Model Evaluation
LifecycleDeployment + 1 moreCategoryTechnical - ML

Suggested approaches:

  • Restrict the number of results shown
  • Limit specificity of output class ontology
  • Use randomized smoothing techniques
  • Reduce the precision of numerical outputs

AML.M0004 - Restrict Number of AI Model Queries

Business and Data UnderstandingDeployment+1 more
LifecycleBusiness and Data Understanding + 2 moreCategoryTechnical - Cyber

Limit the volume of API queries in a given period of time to regulate the amount and fidelity of potentially sensitive information an attacker can learn.

Case studies

Examples from public reports and exercises.

No case studies found. No public example is connected to this attack in the current data.

Related risks

Research-backed risks connected to this topic.

No related AI risks. No research risk is connected to this topic in the current data.

Related CVEs

Known software flaws linked to this context.

No related CVEs. No software flaw is connected to this attack in the current data.

Source

Where this page information comes from.