
CAMIA: new attack method reveals what AI memorises about your data


Author admin

Researchers from Brave and the National University of Singapore have presented a new way to detect whether an AI model has memorised specific pieces of its training data. The CAMIA method (Context-Aware Membership Inference Attack) has proved significantly more effective than previous attacks that probe a neural network's "memory".

Why this matters

One of the main problems of modern AI is "data memorisation". Models trained on huge text corpora can memorise fragments of that text and later reproduce them, including private information. In healthcare this threatens patient data exposure; in business it means leaks of internal correspondence or documents.

Such concerns recently intensified after LinkedIn announced plans to use user data to improve generative models. Experts warn that such practices can lead to private information becoming publicly accessible through AI.

How CAMIA works

Until now, the standard test has been the Membership Inference Attack (MIA): an attack that tries to determine whether a specific example was part of a model's training set. Classic MIAs, however, performed poorly on generative systems like GPT because they reduced the model's confidence over an entire sequence to a single aggregate score (typically the average loss or perplexity), which blurs the difference between text that is merely predictable and text that was memorised.

CAMIA changes the approach: the researchers found that memorisation is context-dependent. A model falls back on memorised training text mainly when the surrounding context does not already determine the next token, that is, when it would otherwise be uncertain. A confident prediction in such a position is strong evidence of memorisation; a confident prediction that any model could make from context is not.

Example:

  • if the prompt is “Harry Potter is…written by…”, the network easily guesses the continuation from context;
  • but if the input is limited to “Harry”, the precise answer “Potter” is only possible by memorising the training text.

Instead of one aggregate score, CAMIA tracks how the model's confidence evolves token by token as the sequence is generated. This exposes hidden memorisation where sequence-level scores fail.
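The toy script below is an added illustration of that distinction; it is not CAMIA's own scoring and not code from the researchers. It assumes a hypothetical model: a smoothed bigram language model fitted on a small constructed corpus, mixed with an "in-context copy" component that stands in for an LLM's ability to predict text that is repeated inside the prompt itself. The classic score averages the loss over the whole sequence; the context-aware score keeps only the tokens the prompt did not already give away, so that a low value must come from memory of the training data.

```python
import math
from collections import Counter, defaultdict

ALPHA = 0.1        # add-alpha smoothing for the bigram estimates
COPY_WEIGHT = 0.5  # share of probability mass given to in-context copying

# Constructed stand-in for the model's training data (synthetic, not real records).
TRAIN_CORPUS = [
    "the report was written by the committee",
    "the report was written by the board",
    "the invoice was sent to the customer",
    "patient 4471 was prescribed sumatriptan for chronic migraine",
]


class ToyLM:
    """Hypothetical model: smoothed bigram LM plus an in-context copy component."""

    def __init__(self, corpus):
        self.bigrams = defaultdict(Counter)
        self.vocab = {"<unk>"}
        for line in corpus:
            toks = ["<s>"] + line.split()
            self.vocab.update(toks[1:])
            for prev, tok in zip(toks, toks[1:]):
                self.bigrams[prev][tok] += 1

    def p_train(self, prev, tok):
        """Probability the model assigns from what it saw in training."""
        row = self.bigrams[prev]
        tok = tok if tok in self.vocab else "<unk>"
        return (row[tok] + ALPHA) / (sum(row.values()) + ALPHA * len(self.vocab))

    def p_copy(self, prev, tok, history):
        """Probability from copying whatever followed `prev` earlier in this same
        sequence; None when `prev` has not occurred before (copying inactive)."""
        seen = Counter(b for a, b in zip(history, history[1:]) if a == prev)
        return seen[tok] / sum(seen.values()) if seen else None

    def token_losses(self, text):
        """Per-token negative log-likelihood, with the share of each token that
        the in-context copy component alone explained (0.0 = nothing)."""
        toks = ["<s>"] + text.split()
        out = []
        for i in range(1, len(toks)):
            prev, tok, hist = toks[i - 1], toks[i], toks[:i]
            pt = self.p_train(prev, tok)
            pc = self.p_copy(prev, tok, hist)
            p = pt if pc is None else (1 - COPY_WEIGHT) * pt + COPY_WEIGHT * pc
            out.append((tok, -math.log(p), pc or 0.0))
        return out


MODEL = ToyLM(TRAIN_CORPUS)


def classic_score(text, model=MODEL):
    """Sequence-level MIA signal: mean token loss (lower = looks like a member)."""
    losses = [loss for _, loss, _ in model.token_losses(text)]
    return sum(losses) / len(losses) if losses else math.inf


def context_aware_score(text, model=MODEL):
    """Mean loss over only the tokens the prompt itself did not give away, so a
    low value can only come from memory of the training data."""
    kept = [loss for _, loss, pc in model.token_losses(text) if pc == 0.0]
    return sum(kept) / len(kept) if kept else math.inf


MEMBER = "patient 4471 was prescribed sumatriptan for chronic migraine"  # in TRAIN_CORPUS
REPETITIVE_NON_MEMBER = " ".join(["board"] * 12)                          # never trained on
NOVEL_NON_MEMBER = "the auditor was sent the ledger"                       # never trained on

if __name__ == "__main__":
    for name, text in [("member", MEMBER),
                       ("repetitive non-member", REPETITIVE_NON_MEMBER),
                       ("novel non-member", NOVEL_NON_MEMBER)]:
        print(f"{name:22s} classic={classic_score(text):.3f} "
              f"context-aware={context_aware_score(text):.3f}")
```

Run it and the repetitive non-member gets a lower (more member-like) sequence-level loss than the genuine member, because the copied tokens drag the average down; the context-aware score discounts those positions and ranks the real member first, while the novel non-member stays clearly separated under both scores. CAMIA itself works on the per-token confidence trajectory of a real LLM rather than this toy discount, but the failure mode it targets is the same one: confidence that the context already explains is not evidence of memorisation.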

Test results

On the MIMIR benchmark, the researchers evaluated CAMIA against the Pythia and GPT-Neo models. In the experiment on MIMIR's ArXiv subset with Pythia 2.8B (trained on the Pile, which includes ArXiv), the attack's detection rate rose by roughly 60% in relative terms:

  • the true positive rate rose from 20.11% to 32.00%,
  • at a fixed false positive rate of 1%, the usual operating point for comparing membership inference attacks.
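How figures like 20.11% and 32.00% are measured matters: membership inference attacks are compared by their true positive rate at a fixed, low false positive rate, not by average accuracy. The helper below is an added example (not code from the CAMIA paper or from Brave) that computes that metric from two constructed score lists; it assumes the convention that a lower score means the attack believes the sample was in the training set.

```python
import math


def tpr_at_fpr(member_scores, non_member_scores, target_fpr=0.01):
    """Return (tpr, realised_fpr) when the flagging threshold is chosen so that
    at most `target_fpr` of the non-members are flagged as members.

    Ties are resolved conservatively: the threshold is the score of the first
    non-member that must stay unflagged, and only strictly smaller scores are
    flagged, so the realised FPR never exceeds the target.
    """
    if not member_scores or not non_member_scores:
        raise ValueError("need scores for both members and non-members")
    non_sorted = sorted(non_member_scores)
    allowed = int(target_fpr * len(non_sorted) + 1e-9)   # non-members we may misflag
    threshold = non_sorted[allowed] if allowed < len(non_sorted) else math.inf
    flagged_mem = sum(1 for s in member_scores if s < threshold)
    flagged_non = sum(1 for s in non_sorted if s < threshold)
    return flagged_mem / len(member_scores), flagged_non / len(non_sorted)


# Constructed scores for illustration: 100 members and 200 non-members, with
# attack B (hypothetical) separating the two groups better than attack A.
MEMBERS_A = list(range(1, 101))                  # members scored 1..100
NON_MEMBERS = [i + 10 for i in range(1, 201)]    # non-members scored 11..210
MEMBERS_B = [max(1, s - 6) for s in MEMBERS_A]   # attack B pushes members lower

if __name__ == "__main__":
    for name, mem in [("attack A", MEMBERS_A), ("attack B", MEMBERS_B)]:
        tpr, fpr = tpr_at_fpr(mem, NON_MEMBERS)
        print(f"{name}: TPR={tpr:.2%} at FPR={fpr:.2%}")
```

Reporting the pair (TPR, realised FPR) rather than a single accuracy number is what makes two attacks comparable: an attack that flags more members only by also flagging more non-members has not improved.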

The attack is also practical to run: on a single A100 GPU it processes 1,000 samples in roughly 38 minutes.

What this means for the industry

The work is a reminder that large models trained on unfiltered datasets are a direct privacy risk. CAMIA can serve as a tool for auditing what a model has memorised, and may push companies towards privacy-preserving training techniques such as differential privacy and stricter filtering of training data.

