MIT Researchers Advance AI Privacy with Faster, Smarter PAC Framework
CAMBRIDGE, MA, 11TH APRIL, 2025 — A team of MIT researchers has released a new version of its PAC Privacy framework, a highly efficient technique designed to let AI models be trained on sensitive data without compromising the accuracy of the model.
The advance offers empirical evidence against the long-assumed trade-off between data privacy and model performance.
PAC Privacy originally computed the amount of noise that would make it impossible for an attacker to recover private data by running a model many times over varied samples of the data.
While this worked, it was extremely compute intensive. The improved method needs only the output variances rather than entire covariance matrices, so it runs orders of magnitude faster and scales to bigger datasets.
The improved approach also enables anisotropic noise addition: noise is added specifically along the intended directions in the output space, whereas isotropic noise is added uniformly in every direction.
This could drastically reduce the amount of noise required for privacy purposes while allowing the AI to achieve a higher accuracy.
First author Mayuri Sridhar found that more stable algorithms, i.e., those whose output is less sensitive to tiny perturbations of the training data, require less noise to privatize.
This points to potential “win-win” situations where stability, privacy, and accuracy go hand in hand.
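The variance-based idea described above can be sketched in a few lines. This is an added illustration, not code from the MIT paper or the researchers: the function names, the subsampling rate, the constant `c` that turns a measured standard deviation into a noise scale, and the sample data are all assumptions, and the paper's actual noise calibration is not reproduced here.

```python
import random
import statistics

def output_variances(mechanism, data, trials=300, frac=0.5, seed=1):
    """Run `mechanism` on random subsamples; return per-coordinate output variance."""
    rng = random.Random(seed)
    k = max(1, int(len(data) * frac))
    outputs = [mechanism(rng.sample(data, k)) for _ in range(trials)]
    return [statistics.pvariance(col) for col in zip(*outputs)]

def noise_scales(variances, c=1.0, anisotropic=True):
    """Gaussian noise std per coordinate. `c` is an assumed constant,
    not the paper's calibration from a privacy target."""
    stds = [c * v ** 0.5 for v in variances]
    if anisotropic:
        return stds                      # small noise where the output barely moves
    return [max(stds)] * len(stds)       # isotropic: worst case in every direction

def privatize(output, scales, rng):
    """Release the output with independent Gaussian noise per coordinate."""
    return [o + rng.gauss(0.0, s) for o, s in zip(output, scales)]

def column_mean(rows):
    return [statistics.fmean(col) for col in zip(*rows)]

def column_median(rows):                 # more stable under outliers than the mean
    return [statistics.median(col) for col in zip(*rows)]

def make_data(n=200, seed=0):
    """Constructed sample: a tight column, a wide column, one outlier row."""
    rng = random.Random(seed)
    rows = [(rng.gauss(5, 0.1), rng.gauss(50, 10)) for _ in range(n)]
    rows[0] = (5.0, 5000.0)
    return rows

def total_noise_power(scales):
    return sum(s * s for s in scales)

if __name__ == "__main__":
    data = make_data()
    for mech in (column_mean, column_median):
        v = output_variances(mech, data)
        print(mech.__name__,
              "aniso:", round(total_noise_power(noise_scales(v)), 4),
              "iso:", round(total_noise_power(noise_scales(v, anisotropic=False)), 4))
```

On this constructed data the median, whose output barely changes when the outlier row enters or leaves a subsample, needs far less total noise than the mean, and per-coordinate noise is smaller than worst-case noise applied to every coordinate.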
“We tend to consider robustness and privacy as unrelated to, or perhaps even in conflict with, constructing a high-performance algorithm. First, we make a working algorithm, then we make it robust, and then private.
We’ve shown that is not always the right framing. If you make your algorithm perform better in a variety of settings, you can essentially get privacy for free,” says Mayuri Sridhar, an MIT graduate student and lead author of a paper on this privacy framework.
She is joined in the paper by Hanshen Xiao PhD ’24, who will start as an assistant professor at Purdue University in the fall; and senior author Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering at MIT.
“We want to explore how algorithms could be co-designed with PAC Privacy, so the algorithm is more stable, secure, and robust from the beginning,” adds Devadas.
The study, to be presented at the IEEE Symposium on Security and Privacy, shows that PAC Privacy holds up against sophisticated extraction attacks. Upcoming research will apply the technique to more complex algorithms and produce PAC-compatible databases for automated private data analytics.
“I think the key advantage PAC Privacy has in this setting over other privacy definitions is that it is a black box — you don’t need to manually analyze each individual query to privatize the results. It can be done completely automatically. We are actively building a PAC-enabled database by extending existing SQL engines to support practical, automated, and efficient private data analytics,” says Xiangyao Yu, an assistant professor in the computer sciences department at the University of Wisconsin at Madison, who was not involved with this study.
The research is funded by Cisco, Capital One, the Department of Defense, and a MathWorks Fellowship.