Model Inversion Attacks on Llama 3: Extracting PII from Large Language Models
This addresses privacy vulnerabilities for users of LLMs, though it is incremental as it applies known attack methods to a new model.
The paper tackled the problem of privacy risks from training data memorization in large language models by demonstrating model inversion attacks on Llama 3.2, resulting in the extraction of personally identifiable information such as passwords and email addresses through crafted prompts.
Large language models (LLMs) have transformed natural language processing, but their ability to memorize training data poses significant privacy risks. This paper investigates model inversion attacks on the Llama 3.2 model, a multilingual LLM developed by Meta. By querying the model with carefully crafted prompts, we demonstrate the extraction of personally identifiable information (PII) such as passwords, email addresses, and account numbers. Our findings highlight the vulnerability of even smaller LLMs to privacy attacks and underscore the need for robust defenses. We discuss potential mitigation strategies, including differential privacy and data sanitization, and call for further research into privacy-preserving machine learning techniques.