This paper introduces Multi-Recall Memory MIA (MRMMIA), a novel membership inference attack targeting the memory stores of chat agents. MRMMIA leverages multiple recall probes to extract membership signals across black-box, gray-box, and white-box access levels. Experiments show MRMMIA consistently outperforms baseline attacks, highlighting privacy vulnerabilities in chat agent memory systems.
Chat agent memories leak more user data than you think: a new attack, MRMMIA, reliably infers whether specific interactions are stored, even with limited access.
Membership inference attacks (MIAs) test whether a target data record belongs to a system's private data, and have become a standard tool for measuring privacy leakage in machine learning systems. Prior work has primarily focused on training corpora or retrieval databases. MIAs against agent memory have received less attention, even though such memory can contain sensitive user-agent interactions, retrieved facts, and user preferences. In this work we therefore focus on chat agent memory MIAs, where an adversary infers whether a candidate memory unit belongs to the chat agent's memory store. We propose Multi-Recall Memory MIA (MRMMIA), a unified attack that issues multiple recall probes to the agent and aggregates the resulting membership signal, and that applies across black-box, gray-box, and white-box access settings. Our experiments demonstrate that MRMMIA consistently outperforms baseline attacks. Our results expose the privacy risk in agents and provide an initial evaluation framework for membership leakage in chat-agent memory systems.
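To make the attack setting concrete, here is an added toy illustration. It is not code from the paper and does not reproduce MRMMIA's actual probe design or aggregation (the abstract specifies neither); everything in it is an assumption: a simulated agent whose memory units are recalled by token-overlap similarity and quoted verbatim, a set of four recall probes per candidate (full text, each half, and a question wrapper), mean aggregation across probes, and one membership signal per access level (white-box: the retrieval scores; gray-box: which units were recalled; black-box: only the reply text). The member and non-member memory units are constructed sample data.

```python
"""Toy membership inference against a chat agent's memory store (added
illustration; the agent, probes, signals and data are all assumptions)."""
import re


def tokens(text: str) -> set[str]:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def jaccard(a: set[str], b: set[str]) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


class ToyMemoryAgent:
    """Assumed agent: memory units are recalled by token-overlap similarity
    and quoted verbatim in the reply (a real agent would paraphrase)."""

    def __init__(self, memory: list[str], k: int = 2, min_sim: float = 0.2):
        self.memory, self.k, self.min_sim = memory, k, min_sim

    def retrieve(self, query: str) -> list[tuple[str, float]]:
        q = tokens(query)
        scored = [(m, jaccard(q, tokens(m))) for m in self.memory]
        hits = sorted((h for h in scored if h[1] >= self.min_sim), key=lambda h: -h[1])
        return hits[: self.k]

    def chat(self, query: str) -> str:
        hits = self.retrieve(query)
        if not hits:
            return "I don't have anything stored about that."
        return "From what I remember: " + " | ".join(m for m, _ in hits)


def recall_probes(candidate: str) -> list[str]:
    """Several phrasings of one candidate memory unit (assumed probe set)."""
    words = candidate.split()
    half = max(1, len(words) // 2)
    return [candidate, " ".join(words[:half]), " ".join(words[half:]),
            f"Do you remember that {candidate}?"]


def probe_signal(agent: ToyMemoryAgent, candidate: str, probe: str, access: str) -> float:
    """One probe's membership signal under the given (assumed) access level."""
    cand = tokens(candidate)
    if access == "white-box":   # attacker sees the retrieval scores
        return max((s for _, s in agent.retrieve(probe)), default=0.0)
    if access == "gray-box":    # attacker sees which units were recalled, not scores
        return max((jaccard(tokens(m), cand) for m, _ in agent.retrieve(probe)), default=0.0)
    if access == "black-box":   # attacker sees only the reply text
        return len(cand & tokens(agent.chat(probe))) / len(cand)
    raise ValueError(f"unknown access level: {access}")


def membership_score(agent: ToyMemoryAgent, candidate: str, access: str) -> float:
    """Mean signal across all recall probes for one candidate."""
    sigs = [probe_signal(agent, candidate, p, access) for p in recall_probes(candidate)]
    return sum(sigs) / len(sigs)


def attack_auc(agent, members, non_members, access) -> float:
    """Rank-based AUC: fraction of (member, non-member) pairs ranked correctly."""
    ms = [membership_score(agent, c, access) for c in members]
    ns = [membership_score(agent, c, access) for c in non_members]
    wins = sum(1.0 if m > n else 0.5 if m == n else 0.0 for m in ms for n in ns)
    return wins / (len(ms) * len(ns))


# Constructed sample data: units stored in the agent's memory (members) and
# plausible units that were never stored (non-members).
MEMORY = [
    "My daughter Maya has a peanut allergy",
    "I work as a nurse at St Mary hospital in Leeds",
    "Book flights to Lisbon for the 14th of June",
    "I prefer vegetarian restaurants",
]
MEMBERS = list(MEMORY)
NON_MEMBERS = [
    "My son Leo has a dairy allergy",
    "I work as a teacher in Bristol",
    "Book a hotel in Madrid for July",
    "I prefer spicy food",
]
AGENT = ToyMemoryAgent(MEMORY)

if __name__ == "__main__":
    for access in ("white-box", "gray-box", "black-box"):
        print(f"== {access}: AUC = {attack_auc(AGENT, MEMBERS, NON_MEMBERS, access):.2f}")
        for c in MEMBERS + NON_MEMBERS:
            tag = "member" if c in MEMBERS else "non-member"
            print(f"  {membership_score(AGENT, c, access):.3f}  {tag:10s}  {c}")
```

In this toy every access level separates members from non-members perfectly (AUC 1.0), but the margins differ: gray-box and black-box scores for members are exactly 1.0 because the agent quotes stored units verbatim, whereas non-members that share vocabulary with a stored unit (the "dairy allergy" candidate recalls the "peanut allergy" unit) still obtain a sizeable black-box score. An agent that paraphrases or summarises its memory would shrink the black-box signal, which is why the access level matters when evaluating leakage. Non-members that overlap nothing in memory score 0.0 at every level.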