arXiv: Privacy Vulnerabilities of Attention Layers in Tabular Foundation Models and Protection of High-Risk Queries

This paper, published on arXiv, presents a new privacy vulnerability specific to attention layers in tabular foundation models. It demonstrates that an attacker can infer sensitive attributes of high-risk queries—such as financial or medical data—by analyzing the model’s internal attention patterns, even when the model is accessed only through an API. This is not a regulatory change but a technical disclosure that has immediate implications for compliance under the EU AI Act and other data protection frameworks.

Organizations deploying or using tabular foundation models in regulated sectors—including finance, healthcare, insurance, and credit scoring—are directly affected. Any entity that processes high-risk queries through such models, especially those subject to GDPR or the AI Act’s high-risk classification, must reassess their privacy safeguards. The vulnerability undermines assumptions that API-only access provides sufficient protection against inference attacks.

Compliance teams should immediately review their model deployment architectures to determine if attention layers are exposed or if query-level privacy guarantees are in place. They should engage with data science teams to evaluate whether differential privacy or output perturbation can mitigate this risk. Additionally, update internal risk assessments and data protection impact assessments to reflect this new attack vector, and consider delaying deployment of tabular foundation models for high-risk use cases until mitigations are validated.