Medical diagnosis AIs can be tricked into telling whose data trained them

BBender about 3 hours ago 1 commentsRead Article on theregister.com

ZH version is available. Content is displayed in original English for accuracy.

⚡ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 96 words in the discussion.

Discussion (1 Comments)Read Original on HackerNews

Legend2440•about 1 hour ago

Link to actual paper: https://www.nature.com/articles/s41586-026-10688-0

I think this article is a bad writeup about it. The attack is academically interesting but not practical or worth worrying about.

The claim that it provides a 'near-perfect attack success' is misleading; for the majority of datapoints it had no success at all. However for a minority of datapoints (anywhere from 0.001% to 10% depending on the model) it was able to state with >95% confidence that they were in the training data.

They are also not simply 'tricking' it into revealing your data. The attacker needs to already have your data in order to check if it is in the model. It also required retraining the model 200 times on different subsets of the training data and comparing the differences.