Privacy in LLMs (brave.com)

🤖 AI Summary
Researchers from Brave and NUS introduced CAMIA, a context-aware membership inference attack for Large Language Models (LLMs) that more precisely detects whether a specific training example was memorized and can be leaked. Accepted as an oral paper at EMNLP 2025 and open-sourced, CAMIA reframes membership inference for generative models by tracking token-level uncertainty during autoregressive generation rather than relying on aggregate sequence loss. The work highlights real-world stakes—healthcare records, private corporate documents, exam content and paywalled text can be exposed—making better detection methods crucial for compliance and trust. Technically, CAMIA measures how predictive uncertainty resolves across different prefixes, distinguishing cases where low loss is due to strong contextual cues (e.g., repeated phrases) from true memorization when a sparse prefix forces the model to “recall.” It adjusts for trivial repetition patterns, operates at token granularity, and composes multiple membership signals efficiently. On the MIMIR benchmark across Pythia (70M–12B) and GPT-Neo (125M–2.7B) families and six domains, CAMIA boosts true positive rate from 20.11% to 32.00% at a 1% false positive rate (Pythia 2.8B on ArXiv) and processes 1,000 samples on an A100 in ~38 minutes. The method exposes contextual memorization dynamics in LLMs and provides a practical tool for auditors and developers to evaluate and mitigate privacy leakage.
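To illustrate the point about contextual cues versus true memorization, here is an added example (not code from the paper or the CAMIA release) showing how an aggregate sequence-loss threshold can flag a repetitive non-member, while a token-level score that discounts repeated n-grams does not. The per-token losses are constructed, the function names are hypothetical, and the n-gram discount is a simplified stand-in for CAMIA's actual adjustment.

```python
from statistics import mean

def repeated_positions(tokens, n=2):
    """Indices whose token completes an n-gram already seen earlier in the text."""
    seen, flagged = set(), set()
    for i in range(n - 1, len(tokens)):
        gram = tuple(tokens[i - n + 1 : i + 1])
        if gram in seen:
            flagged.add(i)  # low loss here is explained by the prefix, not recall
        seen.add(gram)
    return flagged

def aggregate_loss(losses):
    """Baseline signal: mean per-token loss over the whole sequence."""
    return mean(losses)

def repetition_adjusted_loss(tokens, losses, n=2):
    """Mean loss over tokens that are NOT trivially predictable from repetition."""
    skip = repeated_positions(tokens, n)
    kept = [loss for i, loss in enumerate(losses) if i not in skip]
    return mean(kept) if kept else float("nan")

def audit(samples, threshold):
    """Return {name: (flagged_by_aggregate, flagged_by_adjusted)}."""
    result = {}
    for name, (tokens, losses) in samples.items():
        agg = aggregate_loss(losses) < threshold
        adj = repetition_adjusted_loss(tokens, losses) < threshold
        result[name] = (agg, adj)
    return result

# Constructed data: per-token losses a model might assign (not measured values).
SAMPLES = {
    # Non-member: the loss collapses only once the phrase starts repeating.
    "repetitive_non_member": (
        ["the", "cat", "sat", "the", "cat", "sat", "the", "cat", "sat"],
        [4.0, 3.0, 3.0, 2.0, 0.2, 0.2, 0.2, 0.2, 0.2],
    ),
    # Member: no repetition, yet the loss is low from the second token on.
    "sparse_prefix_member": (
        ["t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7", "t8"],
        [3.0, 1.5, 1.5, 1.5, 1.5, 1.5, 1.5, 1.5, 1.5],
    ),
}

if __name__ == "__main__":
    for name, flags in audit(SAMPLES, threshold=2.0).items():
        print(name, "aggregate:", flags[0], "adjusted:", flags[1])
```

With the threshold at 2.0, the aggregate score marks both samples as members, while the adjusted score marks only the non-repetitive one.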