Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage

Md Rafi Ur Rashid; Jing Liu; Toshiaki Koike-Akino; Ye Wang; Shagufta Mehnaz

doi:10.1609/aaai.v39i19.34218

Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage

Md Rafi Ur Rashid
, Jing Liu
, Toshiaki Koike-Akino
, Ye Wang
, Shagufta Mehnaz

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Fine-tuning large language models on private data for downstream applications poses significant privacy risks in potentially exposing sensitive information. Several popular community platforms now offer convenient distribution of a large variety of pre-trained models, allowing anyone to publish without rigorous verification. This scenario creates a privacy threat, as pre-trained models can be intentionally crafted to compromise the privacy of fine-tuning datasets. In this study, we introduce a novel poisoning technique that uses model-unlearning as an attack tool. This approach manipulates a pre-trained language model to increase the leakage of private data during the fine-tuning process. Our method enhances both membership inference and data extraction attacks while preserving model utility. Experimental results across different models, datasets, and fine-tuning setups demonstrate that our attacks significantly surpass baseline performance. This work serves as a cautionary note for users who download pre-trained models from unverified sources, highlighting the potential risks involved.

Original language	English (US)
Title of host publication	Special Track on AI Alignment
Editors	Toby Walsh, Julie Shah, Zico Kolter
Publisher	Association for the Advancement of Artificial Intelligence
Pages	20139-20147
Number of pages	9
Edition	19
ISBN (Electronic)	157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978
DOIs	https://doi.org/10.1609/aaai.v39i19.34218
State	Published - Apr 11 2025
Event	39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025 - Philadelphia, United States Duration: Feb 25 2025 → Mar 4 2025

Publication series

Name	Proceedings of the AAAI Conference on Artificial Intelligence
Number	19
Volume	39
ISSN (Print)	2159-5399
ISSN (Electronic)	2374-3468

Conference

Conference	39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025
Country/Territory	United States
City	Philadelphia
Period	2/25/25 → 3/4/25

All Science Journal Classification (ASJC) codes

Artificial Intelligence

Access to Document

10.1609/aaai.v39i19.34218

Cite this

Rashid, M. R. U., Liu, J., Koike-Akino, T., Wang, Y., & Mehnaz, S. (2025). Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage. In T. Walsh, J. Shah, & Z. Kolter (Eds.), Special Track on AI Alignment (19 ed., pp. 20139-20147). (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 39, No. 19). Association for the Advancement of Artificial Intelligence. https://doi.org/10.1609/aaai.v39i19.34218

Rashid, Md Rafi Ur ; Liu, Jing ; Koike-Akino, Toshiaki et al. / Forget to Flourish : Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage. Special Track on AI Alignment. editor / Toby Walsh ; Julie Shah ; Zico Kolter. 19. ed. Association for the Advancement of Artificial Intelligence, 2025. pp. 20139-20147 (Proceedings of the AAAI Conference on Artificial Intelligence; 19).

@inproceedings{4abce1368af24783aeafe0c1b88ed0a3,

title = "Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage",

abstract = "Fine-tuning large language models on private data for downstream applications poses significant privacy risks in potentially exposing sensitive information. Several popular community platforms now offer convenient distribution of a large variety of pre-trained models, allowing anyone to publish without rigorous verification. This scenario creates a privacy threat, as pre-trained models can be intentionally crafted to compromise the privacy of fine-tuning datasets. In this study, we introduce a novel poisoning technique that uses model-unlearning as an attack tool. This approach manipulates a pre-trained language model to increase the leakage of private data during the fine-tuning process. Our method enhances both membership inference and data extraction attacks while preserving model utility. Experimental results across different models, datasets, and fine-tuning setups demonstrate that our attacks significantly surpass baseline performance. This work serves as a cautionary note for users who download pre-trained models from unverified sources, highlighting the potential risks involved.",

author = "Rashid, \{Md Rafi Ur\} and Jing Liu and Toshiaki Koike-Akino and Ye Wang and Shagufta Mehnaz",

note = "Publisher Copyright: Copyright {\textcopyright} 2025, Association for the Advancement of Artificia Intelligence (www.aaai.org). All rights reserved.; 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025 ; Conference date: 25-02-2025 Through 04-03-2025",

year = "2025",

month = apr,

day = "11",

doi = "10.1609/aaai.v39i19.34218",

language = "English (US)",

series = "Proceedings of the AAAI Conference on Artificial Intelligence",

publisher = "Association for the Advancement of Artificial Intelligence",

number = "19",

pages = "20139--20147",

editor = "Toby Walsh and Julie Shah and Zico Kolter",

booktitle = "Special Track on AI Alignment",

edition = "19",

}

Rashid, MRU, Liu, J, Koike-Akino, T, Wang, Y & Mehnaz, S 2025, Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage. in T Walsh, J Shah & Z Kolter (eds), Special Track on AI Alignment. 19 edn, Proceedings of the AAAI Conference on Artificial Intelligence, no. 19, vol. 39, Association for the Advancement of Artificial Intelligence, pp. 20139-20147, 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025, Philadelphia, United States, 2/25/25. https://doi.org/10.1609/aaai.v39i19.34218

Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage. / Rashid, Md Rafi Ur; Liu, Jing; Koike-Akino, Toshiaki et al.
Special Track on AI Alignment. ed. / Toby Walsh; Julie Shah; Zico Kolter. 19. ed. Association for the Advancement of Artificial Intelligence, 2025. p. 20139-20147 (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 39, No. 19).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Forget to Flourish

T2 - 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025

AU - Rashid, Md Rafi Ur

AU - Liu, Jing

AU - Koike-Akino, Toshiaki

AU - Wang, Ye

AU - Mehnaz, Shagufta

PY - 2025/4/11

Y1 - 2025/4/11

N2 - Fine-tuning large language models on private data for downstream applications poses significant privacy risks in potentially exposing sensitive information. Several popular community platforms now offer convenient distribution of a large variety of pre-trained models, allowing anyone to publish without rigorous verification. This scenario creates a privacy threat, as pre-trained models can be intentionally crafted to compromise the privacy of fine-tuning datasets. In this study, we introduce a novel poisoning technique that uses model-unlearning as an attack tool. This approach manipulates a pre-trained language model to increase the leakage of private data during the fine-tuning process. Our method enhances both membership inference and data extraction attacks while preserving model utility. Experimental results across different models, datasets, and fine-tuning setups demonstrate that our attacks significantly surpass baseline performance. This work serves as a cautionary note for users who download pre-trained models from unverified sources, highlighting the potential risks involved.

AB - Fine-tuning large language models on private data for downstream applications poses significant privacy risks in potentially exposing sensitive information. Several popular community platforms now offer convenient distribution of a large variety of pre-trained models, allowing anyone to publish without rigorous verification. This scenario creates a privacy threat, as pre-trained models can be intentionally crafted to compromise the privacy of fine-tuning datasets. In this study, we introduce a novel poisoning technique that uses model-unlearning as an attack tool. This approach manipulates a pre-trained language model to increase the leakage of private data during the fine-tuning process. Our method enhances both membership inference and data extraction attacks while preserving model utility. Experimental results across different models, datasets, and fine-tuning setups demonstrate that our attacks significantly surpass baseline performance. This work serves as a cautionary note for users who download pre-trained models from unverified sources, highlighting the potential risks involved.

UR - https://www.scopus.com/pages/publications/105004296099

UR - https://www.scopus.com/pages/publications/105004296099#tab=citedBy

U2 - 10.1609/aaai.v39i19.34218

DO - 10.1609/aaai.v39i19.34218

M3 - Conference contribution

AN - SCOPUS:105004296099

T3 - Proceedings of the AAAI Conference on Artificial Intelligence

SP - 20139

EP - 20147

BT - Special Track on AI Alignment

A2 - Walsh, Toby

A2 - Shah, Julie

A2 - Kolter, Zico

PB - Association for the Advancement of Artificial Intelligence

Y2 - 25 February 2025 through 4 March 2025

ER -

Rashid MRU, Liu J, Koike-Akino T, Wang Y, Mehnaz S. Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage. In Walsh T, Shah J, Kolter Z, editors, Special Track on AI Alignment. 19 ed. Association for the Advancement of Artificial Intelligence. 2025. p. 20139-20147. (Proceedings of the AAAI Conference on Artificial Intelligence; 19). doi: 10.1609/aaai.v39i19.34218

Forget to Flourish: Leveraging Machine-Unlearning on Pretrained Language Models for Privacy Leakage

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this