SOFT: Selective Data Obfuscation for Protecting LLM Fine-tuning against Membership Inference Attacks
Kaiyuan Zhang
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Vulnerabilities in LLMs: Privacy, Safety, and Defense
This talk, presented by Kaiyuan Zhang, introduces SOFT, a novel defense mechanism designed to protect privacy during the fine-tuning of large language models (LLMs). As LLMs become ubiquitous, fine-tuning these general-purpose models for specific, often sensitive, real-world tasks has become standard practice. However, fine-tuning frequently relies on proprietary or private datasets, which introduces significant privacy risks, most notably **Membership Inference Attacks (MIAs)**.
AI review
Competent academic security research on a real and underappreciated threat surface — MIAs against fine-tuned LLMs rather than pre-training corpora. The core contribution is sound and the insight about influential samples driving disproportionate leakage is defensible, but the defense mechanism (paraphrase the memorable stuff) is conceptually thin and the threat model has meaningful gaps that the talk doesn't fully grapple with.