Membership Inference Attacks on Large-Scale Models: A Survey
This survey addresses privacy risks for users and developers of large-scale models by synthesizing existing research, but it is incremental as it builds on prior MIA studies without introducing new methods.
The paper tackles the lack of systematic surveys on Membership Inference Attacks (MIAs) for large-scale models like LLMs and LMMs by providing the first comprehensive review, analyzing attacks across model types, adversarial knowledge, strategies, and multiple pipeline stages such as pre-training and fine-tuning.
As large-scale models such as Large Language Models (LLMs) and Large Multimodal Models (LMMs) see increasing deployment, their privacy risks remain underexplored. Membership Inference Attacks (MIAs), which reveal whether a data point was used in training the target model, are an important technique for exposing or assessing privacy risks and have been shown to be effective across diverse machine learning algorithms. However, despite extensive studies on MIAs in classic models, there remains a lack of systematic surveys addressing their effectiveness and limitations in large-scale models. To address this gap, we provide the first comprehensive review of MIAs targeting LLMs and LMMs, analyzing attacks by model type, adversarial knowledge, and strategy. Unlike prior surveys, we further examine MIAs across multiple stages of the model pipeline, including pre-training, fine-tuning, alignment, and Retrieval-Augmented Generation (RAG). Finally, we identify open challenges and propose future research directions for strengthening privacy resilience in large-scale models.