Expert Selections in MoE Transformer Models Reveal Almost as Much as Text (arxiv.org)

Researchers have discovered a significant vulnerability in mixture-of-experts (MoE) language models, demonstrating that the selection of expert subnetworks can leak substantial amounts of information, nearly equivalent to direct text content. Utilizing advanced architectures, they achieved a remarkable 91.2% top-1 accuracy in reconstructing tokens solely from these routing decisions using a transformer-based decoder, marking a notable improvement over previous methods. This finding suggests a greater risk of information leakage during model inference, especially in scenarios involving distributed systems and side channels. The implications for the AI/ML community are profound, as it raises awareness about the security of model architectures beyond traditional observed vulnerabilities. As the use of MoE models continues to grow due to their efficiency and performance, developers and researchers must recognize and mitigate these risks. The study highlights the necessity of treating expert selections with the same sensitivity as the actual text data—to prevent unintended disclosure of potentially sensitive information during model deployment. This research not only connects routing mechanisms to broader issues of embedding inversion but also emphasizes the critical need for privacy-centric designs in AI systems.