Opening — Why this matters now “Right to be forgotten” has quietly become one of the most dangerous phrases in AI governance. On paper, it sounds clean: remove a user’s data, comply with regulation, move on. In practice, modern large language models (LLMs) have turned forgetting into a performance art. Models stop saying what they were trained on—but continue remembering it internally. ...
Opening — Why this matters now RAG was supposed to make LLMs safer. Instead, it quietly became a liability. As enterprises rushed to bolt retrieval layers onto large language models, they unintentionally created a new attack surface: sensitive internal data flowing straight into a model that cannot reliably distinguish instructions from content. Prompt injection is not a corner case anymore—it is the default threat model. And telling the model to “behave” has proven to be more of a suggestion than a guarantee. ...
Opening — Why this matters now Multimodal models have learned to see. Unfortunately, they have also learned to remember—and sometimes to reveal far more than they should. As vision-language models (VLMs) are deployed into search, assistants, surveillance-adjacent tools, and enterprise workflows, the question is no longer whether they can infer personal information from images, but how often they do so—and under what conditions they fail to hold back. ...
Opening — Why this matters now Personalized AI assistants are rapidly becoming ambient infrastructure. They draft emails, recall old conversations, summarize private chats, and quietly stitch together our digital lives. The selling point is convenience. The hidden cost is context collapse. The paper behind this article introduces PrivacyBench, a benchmark designed to answer an uncomfortable but overdue question: when AI assistants know everything about us, can they be trusted to know when to stay silent? The short answer is no—not reliably, and not by accident. ...
Centralized Retrieval-Augmented Generation (RAG) systems promise smarter answers, but they quietly assume one big, clean dataset in one place. Reality is far messier: hospitals, insurers, or financial groups each hold their own silo, often in incompatible formats, and none are willing—or legally allowed—to pool raw data. The HyFedRAG framework tackles this head‑on by making RAG federated, heterogeneous, and privacy‑aware. Edge First, Cloud Second Instead of centralizing records, HyFedRAG runs retrieval at the edge. Each hospital or business unit: ...
The latest tutorial by Li, Huang, Li, Zhou, Zhang, and Liu surveys how GANs, diffusion models, and LLMs now mass‑produce synthetic text, tables, graphs, time series, and images for data‑mining workloads. That’s the supply side. The demand side—execs asking “will this improve my model and keep us compliant?”—is where most projects stall. This piece extracts a decision framework from the tutorial and extends it with business‑grade evaluation and governance so you can decide when synthetic data is a shortcut—and when it’s a trap. ...
When organizations deploy LLM-based agents to email, message, and collaborate on our behalf, privacy threats stop being static. The attacker is now another agent able to converse, probe, and adapt. Today’s paper proposes a simulation-plus-search framework that discovers these evolving risks—and the countermeasures that survive them. The result is a rare, actionable playbook: how attacks escalate in multi-turn dialogues, and how defenses must graduate from rules to identity-verified state machines. ...
Why is forgetting in machine learning harder than learning? A new paper offers a surprisingly elegant answer: it doesn’t have to be — if you rethink forgetting as a form of remembering in reverse. In “Efficient Machine Unlearning via Influence Approximation,” Liu et al. turn a long-standing problem — how to make a machine learning model forget specific training data — into a tractable and efficient task by reframing it through the lens of incremental learning. The result is IAU, or Influence Approximation Unlearning: a method that replaces costly second-order computations with a clever gradient-based proxy inspired by cognitive science. ...
When we talk about parameter-efficient fine-tuning, LoRA (Low-Rank Adaptation) is often celebrated as a silver bullet: cost-effective, memory-efficient, and—many assume—safe. After all, it modifies only a small fraction of model parameters, sideloaded as low-rank matrices, while leaving the massive pretrained model backbone untouched. The prevailing belief has been that such minimal intervention can’t possibly memorize or leak sensitive data. This belief is now decisively debunked by LoRA-Leak, a landmark framework introduced in a new paper by researchers from Tsinghua and HKUST. Their findings are a wake-up call for AI developers and policymakers alike: even LoRA-finetuned models are highly vulnerable to membership inference attacks (MIAs)—and ironically, the very presence of the frozen pretrained model amplifies this leakage risk. ...
The best kind of privacy leak is the one you can measure. A recent paper by Huang et al. introduces a deceptively simple but powerful principle—the Entropy-Memorization Law—that allows us to do just that. It claims that the entropy of a text sequence is strongly correlated with how easily it’s memorized by a large language model (LLM). But don’t mistake this for just another alignment paper. This law has concrete implications for how we audit models, design prompts, and build privacy-aware systems. Here’s why it matters. ...