Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
41 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
41 tokens/sec
o3 Pro
7 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

The Good and The Bad: Exploring Privacy Issues in Retrieval-Augmented Generation (RAG) (2402.16893v1)

Published 23 Feb 2024 in cs.CR, cs.AI, and cs.CL

Abstract: Retrieval-augmented generation (RAG) is a powerful technique to facilitate LLM with proprietary and private data, where data privacy is a pivotal concern. Whereas extensive research has demonstrated the privacy risks of LLMs, the RAG technique could potentially reshape the inherent behaviors of LLM generation, posing new privacy issues that are currently under-explored. In this work, we conduct extensive empirical studies with novel attack methods, which demonstrate the vulnerability of RAG systems on leaking the private retrieval database. Despite the new risk brought by RAG on the retrieval data, we further reveal that RAG can mitigate the leakage of the LLMs' training data. Overall, we provide new insights in this paper for privacy protection of retrieval-augmented LLMs, which benefit both LLMs and RAG systems builders. Our code is available at https://github.com/phycholosogy/RAG-privacy.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (33)
  1. Emergent and predictable memorization in large language models. arXiv preprint arXiv:2304.11158.
  2. Improving language models by retrieving from trillions of tokens. In International conference on machine learning, pages 2206–2240. PMLR.
  3. Quantifying memorization across neural language models. arXiv preprint arXiv:2202.07646.
  4. Extracting training data from large language models. In 30th USENIX Security Symposium (USENIX Security 21), pages 2633–2650.
  5. Harrison Chase. 2022. Langchain. October 2022. https://github.com/hwchase17/langchain.
  6. Lift yourself up: Retrieval-augmented text generation with self memory. arXiv preprint arXiv:2305.02437.
  7. Evelyn Fix and Joseph Lawson Hodges. 1989. Discriminatory analysis. nonparametric discrimination: Consistency properties. International Statistical Review/Revue Internationale de Statistique, 57(3):238–247.
  8. Retrieval-augmented generation for large language models: A survey. arXiv preprint arXiv:2312.10997.
  9. Privacy implications of retrieval-based language models. arXiv preprint arXiv:2305.14888.
  10. Preventing verbatim memorization in language models gives a false sense of privacy. arXiv preprint arXiv:2210.17546.
  11. Deduplicating training data mitigates privacy risks in language models. In International Conference on Machine Learning, pages 10697–10707. PMLR.
  12. Generalization through memorization: Nearest neighbor language models. arXiv preprint arXiv:1911.00172.
  13. Reinforcement learning for optimizing rag for domain chatbots. arXiv preprint arXiv:2401.06800.
  14. Do language models plagiarize? In Proceedings of the ACM Web Conference 2023, pages 3637–3647.
  15. Deduplicating training data makes language models better. arXiv preprint arXiv:2107.06499.
  16. Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in Neural Information Processing Systems, 33:9459–9474.
  17. Liu. 2023. Twitter post. https://twitter.com/kliu128/status/1623472922374574080.
  18. Jerry Liu. 2022. Llamaindex. 11 2022. https://github.com/jerryjliu/llama_index.
  19. Memorization in nlp fine-tuning methods. arXiv preprint arXiv:2205.12506.
  20. Augmenting large language models with rules for enhanced domain-specific interactions: The case of medical diagnosis. Electronics, 13(2):320.
  21. Retrieval augmented code generation and summarization. In Findings of the Association for Computational Linguistics: EMNLP 2021, pages 2719–2734.
  22. In-context retrieval-augmented language models. arXiv preprint arXiv:2302.00083.
  23. Enhancing retrieval-augmented large language models with iterative retrieval-generation synergy. arXiv preprint arXiv:2305.15294.
  24. Replug: Retrieval-augmented black-box language models. arXiv preprint arXiv:2301.12652.
  25. Retrieval augmentation reduces hallucination in conversation. arXiv preprint arXiv:2104.07567.
  26. Improving the domain adaptation of retrieval augmented generation (rag) models for open domain question answering. Transactions of the Association for Computational Linguistics, 11:1–17.
  27. Clinical text summarization: Adapting large language models can outperform human experts. arXiv preprint arXiv:2309.07430.
  28. Simon Willison. 2022. Prompt injection attacks against gpt-3. https://simonwillison.net/2022/Sep/12/promptinjection/.
  29. An explanation of in-context learning as implicit bayesian inference. arXiv preprint arXiv:2111.02080.
  30. Chatdoctor: A medical chat model fine-tuned on llama model using medical domain knowledge. arXiv preprint arXiv:2303.14070.
  31. Exploring memorization in fine-tuned language models. arXiv preprint arXiv:2310.06714.
  32. Counterfactual memorization in neural language models. arXiv preprint arXiv:2112.12938.
  33. Yiming Zhang and Daphne Ippolito. 2023. Prompts should not be seen as secrets: Systematically measuring prompt extraction attack success. arXiv preprint arXiv:2307.06865.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (11)
  1. Shenglai Zeng (19 papers)
  2. Jiankun Zhang (10 papers)
  3. Pengfei He (36 papers)
  4. Yue Xing (47 papers)
  5. Yiding Liu (30 papers)
  6. Han Xu (92 papers)
  7. Jie Ren (329 papers)
  8. Shuaiqiang Wang (68 papers)
  9. Dawei Yin (165 papers)
  10. Yi Chang (150 papers)
  11. Jiliang Tang (204 papers)
Citations (31)
View on Semantic Scholar