Privacy-Enhancing Technologies for Artificial Intelligence-Enabled Systems

Liv d'Aliberti, Evan Gronberg, Joseph Kovba

TL;DR

The paper analyzes privacy risks in AI-enabled systems with a focus on data-in-use threats across development, deployment, and inference. It advocates a PET-centric approach, highlighting TEEs, FHE, and FL as core technologies to protect data and models while outlining additional PETs such as differential privacy and synthetic data. A holistic evaluation framework—covering use-case applicability, system impact, and implementation readiness—guides the selection and integration of PETs, considering standards and cryptographic agility. By detailing insider and outsider threat models and the need for model integrity protections, the work argues that PETs can enable private, trustworthy AI with practical real-world impact.
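
Added example, not code from the paper: a private-inference round in Python that shows the data-in-use protection the TL;DR credits to FHE. It uses a from-scratch Paillier scheme, which is only additively homomorphic (a small stand-in for the FHE schemes the page names but does not specify), so the model owner can evaluate a linear model on encrypted features without ever seeing them; FHE extends the same server-side pattern with ciphertext-by-ciphertext multiplication. The toy 20-bit primes, the fixed-point SCALE, the feature vector and the model weights are assumptions made for the demo.

```python
"""Private linear inference over additively homomorphic (Paillier) ciphertexts.

Added example, not from the paper. Paillier supports ciphertext addition and
multiplication by a plaintext constant, which is enough for a linear model:
the client encrypts its features, the server computes Enc(w.x + b) on the
ciphertexts, and only the client can decrypt the score.
"""
import math
import secrets

SCALE = 1000  # fixed-point scale for fractional weights (demo assumption)


def _next_prime(start):
    """Smallest prime >= start, by trial division (fast enough at demo sizes)."""
    n = max(start, 2)
    while True:
        if all(n % d for d in range(2, math.isqrt(n) + 1)):
            return n
        n += 1


def keygen(bits=20):
    """Toy Paillier keypair. Real deployments use >= 2048-bit n; 20-bit
    primes keep the demo instant and are NOT secure."""
    p = _next_prime(1 << bits)
    q = _next_prime(p + 1)  # q < 2p, so gcd(p*q, lcm(p-1, q-1)) == 1 holds
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)  # simplified form valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r (randomised)."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, decoded as a signed value."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    l_val = (pow(c, lam, n2) - 1) // n
    m = (l_val * mu) % n
    return m - n if m > n // 2 else m  # centred decode keeps negative results


def add(pub, c1, c2):
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_const(pub, c, k):
    """Enc(a)^k mod n^2 == Enc(k * a); k % n also handles negative weights."""
    n, _ = pub
    return pow(c, k % n, n * n)


def client_encrypt_features(pub, x):
    """Client side: only ciphertexts leave the device."""
    return [encrypt(pub, v) for v in x]


def server_encrypted_score(pub, enc_x, weights, bias):
    """Model owner side: computes Enc(SCALE * (w.x + b)) without the
    private key, so neither x nor the score is visible here."""
    acc = encrypt(pub, int(round(bias * SCALE)))
    for c, w in zip(enc_x, weights):
        acc = add(pub, acc, mul_const(pub, c, int(round(w * SCALE))))
    return acc


def private_inference(x, weights, bias):
    """One full round: client encrypts, server scores, client decrypts."""
    pub, priv = keygen()
    enc_x = client_encrypt_features(pub, x)
    enc_y = server_encrypted_score(pub, enc_x, weights, bias)
    return decrypt(pub, priv, enc_y) / SCALE


if __name__ == "__main__":
    # Constructed sample input: three integer features, a tiny linear model.
    print(private_inference([3, -2, 5], [0.5, -1.25, 0.2], 0.1))  # 5.1
```

The trust split is the point: the server holds the model weights in the clear (they are its asset) but only ever touches ciphertexts of the user's features, while the user never receives the weights, only the encrypted score. What this toy does not give you is any protection against a malicious server returning a wrong score, which is why the paper pairs PETs with model integrity protections rather than treating encryption alone as sufficient.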

Abstract

Artificial intelligence (AI) models introduce privacy vulnerabilities to systems. These vulnerabilities may impact model owners or system users; they exist during model development, deployment, and inference phases, and threats can be internal or external to the system. In this paper, we investigate potential threats and propose the use of several privacy-enhancing technologies (PETs) to defend AI-enabled systems. We then provide a framework for PET evaluation in AI-enabled systems and discuss the impact PETs may have on system-level variables.

Paper Structure (19 sections, 8 figures)

This paper contains 19 sections and 8 figures.

Figures (8)

  • Figure 1: A selection of PETs organized into groups based on each technology’s primary characteristic.
  • Figure 2: A selection of PETs evaluated against important system-level characteristics.
  • Figure 3: Example of an insider threat where a careless insider exposes potentially sensitive data to an external model.
  • Figure 4: Example of an insider threat where a malicious insider exposes sensitive data to unauthorized parties via some messaging service.
  • Figure 5: Example of an outsider threat where an outsider attempts to confuse an AI model by sending malformed data.
  • ...and 3 more figures