{"id":2092,"date":"2025-11-30T07:15:03","date_gmt":"2025-11-30T07:15:03","guid":{"rendered":"https:\/\/scipapermill.com\/index.php\/2025\/11\/30\/differential-privacy-unleashed-navigating-new-frontiers-in-ai-ml-security-and-fairness\/"},"modified":"2025-12-28T21:11:43","modified_gmt":"2025-12-28T21:11:43","slug":"differential-privacy-unleashed-navigating-new-frontiers-in-ai-ml-security-and-fairness","status":"publish","type":"post","link":"https:\/\/scipapermill.com\/index.php\/2025\/11\/30\/differential-privacy-unleashed-navigating-new-frontiers-in-ai-ml-security-and-fairness\/","title":{"rendered":"Differential Privacy Unleashed: Navigating New Frontiers in AI\/ML Security and Fairness"},"content":{"rendered":"

Latest 50 papers on differential privacy: Nov. 30, 2025<\/h3>\n

Differential Privacy (DP) has long been a cornerstone of data protection in AI\/ML, offering robust mathematical guarantees against information leakage. Yet, as models grow more complex and data becomes more interconnected, new challenges emerge, pushing the boundaries of what DP can achieve. Recent breakthroughs, as showcased in a flurry of innovative research, are not just refining existing DP techniques but are fundamentally reshaping how we approach privacy, fairness, and utility in modern AI systems.<\/p>\n

The Big Idea(s) & Core Innovations<\/h3>\n

At the heart of these advancements is a drive to make differential privacy more practical, versatile, and robust across diverse applications. One significant theme is the reimagining of DP mechanisms for complex data structures and learning paradigms<\/strong>. For instance, researchers from the Institute of Science and Technology Austria (ISTA)<\/strong> in their paper, \u201cDP-MicroAdam: Private and Frugal Algorithm for Training and Fine-tuning<\/a>\u201d, challenge the dominance of DP-SGD by introducing DP-MicroAdam. This adaptive optimizer significantly improves performance and stability under DP, demonstrating that adaptive methods are not only viable but superior for private training. Complementing this, Xincheng Xu, Thilina Ranbaduge, Qing Wang, Thierry Rakotoarivelo, and David Smith<\/strong> from Australian National University and Data 61, CSIRO<\/strong>, in \u201cEnhancing DPSGD via Per-Sample Momentum and Low-Pass Filtering<\/a>\u201d, introduce DP-PMLF to simultaneously mitigate DP noise and clipping bias, achieving improved convergence rates and utility.<\/p>\n

Graph data, a notoriously tricky area for privacy, sees substantial progress. Yihua Hu, Hao Ding, and Wei Dong<\/strong> from Nanyang Technological University, Singapore<\/strong>, present \u201cN2E: A General Framework to Reduce Node-Differential Privacy to Edge-Differential Privacy for Graph Analytics<\/a>\u201d. N2E bridges the gap between node-DP and edge-DP, enabling more efficient and practical node-DP implementations. Similarly, Abhinav Chakraborty (Columbia University), Sayak Chatterjee (University of Pennsylvania), and Sagnik Nandy (The Ohio State University)<\/strong>, in \u201cPriME: Privacy-aware Membership profile Estimation in networks<\/a>\u201d, propose an optimal private algorithm for estimating community memberships under \u03f5<\/em><\/span>-edge local differential privacy, proving minimax optimality.<\/p>\n

The challenge of privacy with dependent data and complex AI architectures<\/strong> is also being tackled head-on. Valentin Roth and Marco Avella Medina<\/strong> from Institute of Science and Technology Austria and Columbia University<\/strong>, in \u201cDifferential Privacy with Dependent Data<\/a>\u201d, extend DP tools to handle longitudinal and other dependent datasets using log-Sobolev inequalities. Meanwhile, Benjamin Dupuis (Inria), Mert G\u00fcrb\u00fczbalaban (Rutgers Business School), Umut \u015eim\u015fekli (Inria), Jian Wang (Fujian Normal University), Sinan Y\u0131ld\u0131r\u0131m (Sabanc\u0131 University), and Lingjiong Zhu (Florida State University)<\/strong>, in \u201cR\u00e9nyi Differential Privacy for Heavy-Tailed SDEs via Fractional Poincar\u00e9 Inequalities<\/a>\u201d, provide the first RDP guarantees for heavy-tailed SDEs, significantly reducing dimensionality dependence. For large language models (LLMs), Ruihan Wu, Erchi Wang, Zhiyuan Zhang, and Yu-Xiang Wang<\/strong> from University of California, San Diego and University of California, Los Angeles<\/strong>, present \u201cPrivate-RAG: Answering Multiple Queries with LLMs while Keeping Your Data Private<\/a>\u201d, which introduces two differentially private RAG algorithms (MURAG and MURAG-ADA) to handle multiple queries with high utility. Also for LLMs, Chelsea McMurray and Hayder Tirmazi<\/strong> from Dorcha<\/strong> introduce \u201cWhistledown: Combining User-Level Privacy with Conversational Coherence in LLMs<\/a>\u201d, a privacy-preserving transformation layer that maintains conversational flow while protecting user data.<\/p>\n

A groundbreaking approach for more granular privacy protection<\/em> comes from Xinghe Chen, Dajun Sun, Quanqing Xu, and Wei Dong<\/strong> from Nanyang Technological University, Singapore, Hong Kong University of Science and Technology, and OceanBase, Ant Group<\/strong>, in \u201cA General Framework for Per-record Differential Privacy<\/a>\u201d. This framework enables flexible, stronger privacy tailored to individual records by leveraging existing DP mechanisms with improved utility.<\/p>\n

Another critical dimension is the integration of fairness with privacy<\/strong>. Lilian Say, Christophe Denis, and Rafael Pinot<\/strong> from Sorbonne Universit\u00e9 and Universit\u00e9 Paris 1 Panth\u00e9on-Sorbonne<\/strong>, in \u201cFairness Meets Privacy: Integrating Differential Privacy and Demographic Parity in Multi-class Classification<\/a>\u201d, introduce DP2DP, a post-processing algorithm that combines differential privacy with demographic parity constraints, showing that fairness and privacy can coexist with minimal performance loss. Building on this, Hrad Ghoukasian and Shahab Asoodeh<\/strong> from McMaster University<\/strong>, in \u201cOptimal Fairness under Local Differential Privacy<\/a>\u201d, investigate how to optimally design LDP mechanisms to reduce data unfairness, theoretically linking this to improved classification fairness.<\/p>\n

Finally, the research also sheds light on privacy auditing and attack vectors<\/strong>. The paper \u201cObservational Auditing of Label Privacy<\/a>\u201d introduces a novel auditing methodology that eliminates the need for dataset modification, simplifying privacy evaluation. This is critical for assessing privacy risks like those highlighted by Mona Khalil (University of Toronto) and Najeeb Jebreel (University of Waterloo)<\/strong> in \u201cMembership Inference Attacks Beyond Overfitting<\/a>\u201d, which show that even well-generalized models can leak information about outliers.<\/p>\n

Under the Hood: Models, Datasets, & Benchmarks<\/h3>\n

The innovations discussed are powered by a combination of new algorithmic designs and strategic use of existing resources:<\/p>\n