Researchers have developed two novel black-box membership inference attacks targeting retrieval-based in-context learning systems for document question answering. These attacks leverage query text prefixes to differentiate between member and non-member inputs, with one method using a reference model and the other employing a weighted-averaging scheme to eliminate the need for a reference model. Empirical evaluations demonstrate that these attacks are resilient to paraphrasing and outperform existing methods, while an adapted ensemble prompting defense effectively mitigates the privacy leakage. AI
Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →
IMPACT Highlights potential privacy vulnerabilities in retrieval-augmented language models, necessitating stronger defenses for secure deployment.
RANK_REASON This is a research paper detailing novel membership inference attacks against a specific AI technique. [lever_c_demoted from research: ic=1 ai=1.0]