arXiv: Discard the Dross and Select the Essential: Pre-query Sample Selection for Black-box Membership Inference Attacks
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This paper, published on arXiv, presents a new method for conducting membership inference attacks against machine learning models. A membership inference attack attempts to determine whether a specific data point was used to train a model, which can expose sensitive personal information. The authors propose a technique called "pre-query sample selection" that makes these attacks more efficient and effective even when the attacker has only black-box access to the model, meaning they can query it but cannot see its internal workings. This is a technical advance in the study of AI safety and the privacy risks of machine learning models.
The primary organizations affected are any entities deploying or using machine learning models that process personal data, particularly in regulated sectors such as finance, healthcare, and insurance. Any company subject to the EU AI Act or GDPR must consider this risk, as a successful membership inference attack could constitute a personal data breach. The technique lowers the barrier for adversaries to extract information about training data, increasing the compliance burden for model operators.
Compliance teams should immediately review their AI model inventory to identify models that may be vulnerable to black-box membership inference attacks. They should update their Data Protection Impact Assessments (DPIAs) to explicitly address this new attack vector. Technical teams should be instructed to evaluate and implement mitigation strategies, such as differential privacy, output perturbation, or limiting model query rates. Finally, teams should monitor the final peer-reviewed publication for any additional details that may inform updated risk assessments or regulatory reporting obligations.
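As an added example (not code from the paper or from Matproof), the Python sketch below shows how a technical team could measure a model's exposure to the confidence-based membership test described above and compare two of the mitigations listed: output perturbation (rounded or label-only responses) and a per-client query budget. The classifier, its member/non-member confidence distributions and the client names are all constructed for the demo.

```python
import random
def make_toy_model(seed):
    """Constructed stand-in for a black-box classifier (not a real model): training
    members get sharper outputs than non-members, the gap a confidence test exploits."""
    rng = random.Random(seed)
    def model(sample_id, is_member):   # is_member only drives the constructed demo
        top = rng.betavariate(8, 2) if is_member else rng.betavariate(3, 3)
        rest = [rng.random() for _ in range(9)]
        return [top] + [(1 - top) * r / sum(rest) for r in rest]  # 10-class probs
    return model
class HardenedEndpoint:
    """Serve predictions with output perturbation and a per-client query budget."""
    def __init__(self, model, mode="raw", budget=10_000):
        self.model, self.mode, self.budget, self.used = model, mode, budget, {}
    def predict(self, client_id, x):
        self.used[client_id] = self.used.get(client_id, 0) + 1
        if self.used[client_id] > self.budget:     # volume limit per caller
            raise PermissionError("query budget exhausted for %s" % client_id)
        probs = self.model(*x)
        if self.mode == "label_only":              # only the top-1 class is returned
            return max(range(len(probs)), key=probs.__getitem__)
        if self.mode == "rounded":                 # coarsen confidences to one decimal
            return [round(p, 1) for p in probs]
        return probs
def attacker_score(output):   # confidence-threshold test: max confidence, if exposed
    return max(output) if isinstance(output, list) else 0.0
def membership_advantage(member_scores, nonmember_scores):
    """Best TPR - FPR over all thresholds; 0.0 means no membership signal."""
    return max(sum(s >= t for s in member_scores) / len(member_scores)
               - sum(s >= t for s in nonmember_scores) / len(nonmember_scores)
               for t in set(member_scores) | set(nonmember_scores))
def exposure_by_mode(n=500):
    """Attacker's advantage per output mode, measured on identical samples."""
    results = {}
    for mode in ("raw", "rounded", "label_only"):
        ep = HardenedEndpoint(make_toy_model(7), mode=mode)
        mem = [attacker_score(ep.predict("audit", (i, True))) for i in range(n)]
        non = [attacker_score(ep.predict("audit", (i, False))) for i in range(n)]
        results[mode] = membership_advantage(mem, non)
    return results
def budget_refuses_extra_query(budget=3):
    """True if the (budget + 1)-th query from one client is refused."""
    ep = HardenedEndpoint(make_toy_model(1), budget=budget)
    try:
        for i in range(budget + 1):
            ep.predict("client-a", (i, True))
    except PermissionError:
        return True
    return False
```

Because rounding is monotone, the rounded mode can never give the attacker more advantage than raw confidences, and label-only responses remove the confidence signal entirely; the remaining exposure then comes from label correctness, which this sketch does not model.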
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.