Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Mitigating the Privacy Issues in Retrieval-Augmented Generation (RAG) via Pure Synthetic Data

Shenglai Zeng, Jiankun Zhang, Pengfei He, Jie Ren, Tianqi Zheng, Hanqing Lu, Han Xu, Hui Liu, Yue Xing, Jiliang Tang

TL;DR

Retrieval-Augmented Generation (RAG) can improve responses by incorporating retrieved external information but raises privacy concerns when the retrieval data contains sensitive content. The authors introduce SAGE (Synthetic Attribute-based Generation with agEnt-based refinement), a two-stage pipeline that first preserves essential information via attribute-based data generation and then applies an agent-based refinement to minimize privacy leakage. Across medical-dialog and open-domain QA tasks, synthetic retrieval data produced by SAGE achieves comparable utility to original data while substantially mitigating both untargeted and targeted privacy attacks. The approach operates offline and at the data level, offering a practical path toward safer deployment of RAG in sensitive domains such as healthcare. This work lays a foundation for broader domain application and invites integration with formal privacy guarantees in future research.

Abstract

Retrieval-augmented generation (RAG) enhances the outputs of language models by integrating relevant information retrieved from external knowledge sources. However, when the retrieval process involves private data, RAG systems may face severe privacy risks, potentially leading to the leakage of sensitive information. To address this issue, we propose using synthetic data as a privacy-preserving alternative for the retrieval data. We propose SAGE, a novel two-stage synthetic data generation paradigm. In the stage-1, we employ an attribute-based extraction and generation approach to preserve key contextual information from the original data. In the stage-2, we further enhance the privacy properties of the synthetic data through an agent-based iterative refinement process. Extensive experiments demonstrate that using our synthetic data as the retrieval context achieves comparable performance to using the original data while substantially reducing privacy risks. Our work takes the first step towards investigating the possibility of generating high-utility and privacy-preserving synthetic data for RAG, opening up new opportunities for the safe application of RAG systems in various domains.

Mitigating the Privacy Issues in Retrieval-Augmented Generation (RAG) via Pure Synthetic Data

TL;DR

Retrieval-Augmented Generation (RAG) can improve responses by incorporating retrieved external information but raises privacy concerns when the retrieval data contains sensitive content. The authors introduce SAGE (Synthetic Attribute-based Generation with agEnt-based refinement), a two-stage pipeline that first preserves essential information via attribute-based data generation and then applies an agent-based refinement to minimize privacy leakage. Across medical-dialog and open-domain QA tasks, synthetic retrieval data produced by SAGE achieves comparable utility to original data while substantially mitigating both untargeted and targeted privacy attacks. The approach operates offline and at the data level, offering a practical path toward safer deployment of RAG in sensitive domains such as healthcare. This work lays a foundation for broader domain application and invites integration with formal privacy guarantees in future research.

Abstract

Retrieval-augmented generation (RAG) enhances the outputs of language models by integrating relevant information retrieved from external knowledge sources. However, when the retrieval process involves private data, RAG systems may face severe privacy risks, potentially leading to the leakage of sensitive information. To address this issue, we propose using synthetic data as a privacy-preserving alternative for the retrieval data. We propose SAGE, a novel two-stage synthetic data generation paradigm. In the stage-1, we employ an attribute-based extraction and generation approach to preserve key contextual information from the original data. In the stage-2, we further enhance the privacy properties of the synthetic data through an agent-based iterative refinement process. Extensive experiments demonstrate that using our synthetic data as the retrieval context achieves comparable performance to using the original data while substantially reducing privacy risks. Our work takes the first step towards investigating the possibility of generating high-utility and privacy-preserving synthetic data for RAG, opening up new opportunities for the safe application of RAG systems in various domains.
Paper Structure (48 sections, 1 equation, 5 figures, 19 tables)

This paper contains 48 sections, 1 equation, 5 figures, 19 tables.

Table of Contents

  1. Introduction
  2. Related Works
  3. Retrieval-augmented generation and its privacy issues
  4. Synthetic data generation using large language models
  5. Methods
  6. Stage-1: Attribute-based data generation
  7. Stage-2: Agent-based private data refinement
  8. Experiment
  9. Evaluation Setup
  10. RAG components
  11. Tasks and retrieval datasets
  12. Baselines.
  13. Utility of using synthetic data
  14. Utility results on medical dialog.
  15. Utility results on ODQA.
  16. ...and 33 more sections

Figures (5)

  • Figure 1: An illustration for RAG with synthetic data.
  • Figure 2: Pipeline of generating synthetic data.
  • Figure 3: Ablation study on model choice. TI means targeted information and RP means repeat prompts.
  • Figure 4: Ablation study on number of attributes $m$.
  • Figure 5: Ablation study on number of retrieved docs.