Abstract: Large Language Model (LLM) inference services like ChatGPT are popular for enabling diverse tasks via prompts, yet they exacerbate privacy risks due to the potential exposure of sensitive data in user inputs. Existing local differential privacy (LDP)-based text sanitization mechanisms offer lightweight protection suitable for cloud-based LLM inference. Nevertheless, uniform privacy budget allocation and generalized sanitization mechanisms neglect the critical protection needs of sensitive user data, such as Personally Identifiable Information (PII). Empirical evidence from this work reveals that even with a strict privacy budget ($\epsilon = 0.1$), the sensitive information leakage rate can reach an alarmingly high 71.74%. To address these challenges, this paper proposes Rap-LI, a risk-aware privacy preservation framework for LLM inference, designed to be plug-and-play. Rap-LI performs risk identification and personalized labeling on user prompts, then develops a risk-aware LDP mechanism for text sanitization, formally proven to satisfy both token-level and sentence-level LDP guarantees. Extensive experimental results demonstrate Rap-LI's superior privacy-utility balance. It improves privacy protection against sensitive information leakage by an average of 51.68% compared to methods with comparable utility. Our code is available at https://github.com/Cristliu/RapLI
External IDs: doi:10.1109/tifs.2026.3667458