Prompt-tuning has received attention as an efficient tuning method in the language domain: it tunes a prompt that is a few tokens long while keeping the large language model frozen, yet achieves performance comparable to conventional fine-tuning. Considering the emerging privacy concerns with language models, we initiate the study of privacy leakage in the setting of prompt-tuning. We first describe a real-world email service pipeline that provides customized output for various users via prompt-tuning. Then we propose a novel privacy attack framework to infer users' private information by exploiting the prompt module with user-specific signals. We conduct a comprehensive privacy evaluation on the target pipeline to demonstrate the potential leakage from prompt-tuning. The results also demonstrate the effectiveness of the proposed attack.