Estimating near-verbatim extraction risk in language models with decoding-constrained beam search
This addresses privacy and copyright risks in LLMs by improving efficiency in detecting near-verbatim memorization, though it is incremental as it builds on prior probabilistic extraction methods.
The paper tackled the problem of quantifying near-verbatim extraction risk in language models, which is computationally expensive with existing methods, and introduced decoding-constrained beam search to provide deterministic lower bounds at a cost comparable to ~20 Monte Carlo samples per sequence, revealing many more extractable sequences and larger per-sequence extraction mass.
Recent work shows that standard greedy-decoding extraction methods for quantifying memorization in LLMs miss how extraction risk varies across sequences. Probabilistic extraction -- computing the probability of generating a target suffix given a prefix under a decoding scheme -- addresses this, but is tractable only for verbatim memorization, missing near-verbatim instances that pose similar privacy and copyright risks. Quantifying near-verbatim extraction risk is expensive: the set of near-verbatim suffixes is combinatorially large, and reliable Monte Carlo (MC) estimation can require ~100,000 samples per sequence. To mitigate this cost, we introduce decoding-constrained beam search, which yields deterministic lower bounds on near-verbatim extraction risk at a cost comparable to ~20 MC samples per sequence. Across experiments, our approach surfaces information invisible to verbatim methods: many more extractable sequences, substantially larger per-sequence extraction mass, and patterns in how near-verbatim extraction risk manifests across model sizes and types of text.