Search papers, labs, and topics across Lattice.
This paper introduces a regex-and-rule-based detector suite (R&R) for identifying personal information (PI) like email addresses, phone numbers, and IP addresses in language model outputs. Using the R&R detector, the authors measured verbatim memorization of PI in the Pythia model suite, finding that even the smallest model (160M parameters) parrots a measurable percentage of PI. The study reveals a positive correlation between model size/pretraining time and PI memorization, highlighting privacy risks associated with large language models.
Language models leak personal data at an alarming rate, with even small models verbatim parroting almost 3% of personal information instances.
Modern language models (LM) are trained on large scrapes of the Web, containing millions of personal information (PI) instances, many of which LMs memorize, increasing privacy risks. In this work, we develop the regexes and rules (R&R) detector suite to detect email addresses, phone numbers, and IP addresses, which outperforms the best regex-based PI detectors. On a manually curated set of 483 instances of PI, we measure memorization: finding that 13.6% are parroted verbatim by the Pythia-6.9b model, i.e., when the model is prompted with the tokens that precede the PI in the original document, greedy decoding generates the entire PI span exactly. We expand this analysis to study models of varying sizes (160M-6.9B) and pretraining time steps (70k-143k iterations) in the Pythia model suite and find that both model size and amount of pretraining are positively correlated with memorization. Even the smallest model, Pythia-160m, parrots 2.7% of the instances exactly. Consequently, we strongly recommend that pretraining datasets be aggressively filtered and anonymized to minimize PI parroting.
CMU ML