Privacy in Foundation Models: A Conceptual Framework for System Design
Tingting Bi, Guangsheng Yu, Qin Wang
TL;DR
The paper addresses privacy risks in foundation-model-based systems by proposing a conceptual framework that weaves responsible AI (RAI) patterns into governance, process, and product dimensions. It introduces a reusable RAI pattern pool and a three-stage evaluation strategy—Searching, Suggesting, and Reflecting—with four evaluation steps to systematically identify, propose, validate, and consolidate privacy assumptions and decisions. Key contributions include the pattern pool, the structured evaluation workflow, and a pathway to generalize the framework to other quality attributes, enabling broader, automated privacy reasoning and decision support across data management, model development, and monitoring lifecycles. The framework aims to bridge fragmented privacy knowledge, support transparent decision-making, and forecast maintenance implications, ultimately facilitating safer and more privacy-conscious FM-based systems in practice.
Abstract
AI and its related technologies, including machine learning, deep learning, chatbots, virtual assistants, and others, are currently driving a profound transformation of development and organizational processes within companies. Foundation models present both significant challenges and incredible opportunities. In this context, ensuring the quality attributes of foundation model-based systems is of paramount importance, with a particular focus on the challenging issue of privacy due to the sensitive nature of the data and information involved. However, there is currently a lack of consensus regarding the comprehensive scope of both technical and non-technical issues that the privacy evaluation process should encompass. Additionally, there is uncertainty about which existing methods are best suited to effectively address these privacy concerns. In response to this challenge, this paper introduces a novel conceptual framework that integrates various responsible AI patterns from multiple perspectives, with the specific aim of safeguarding privacy.
