What Does the Server See? Understanding Privacy Leakage from Large Language Models in Split Inference
A new research paper explores privacy risks in split inference for large language models (LLMs). The study introduces ActInv, a method capable of reconstructing client inputs from intermediate activations, even when defenses like noise injection are used. Researchers also developed a metric called Perturbation Amplification Factor (PAF) to quantify layer-specific privacy vulnerabilities and proposed PriPert as a defense mechanism.
IMPACT: Highlights potential privacy vulnerabilities in LLM deployment strategies, prompting the need for more robust security measures.