Representing textual information as real-numbered embeddings has become the norm in NLP. Moreover, with the rise of public interest in large language models (LLMs), Embeddings as a Service (EaaS) has rapidly gained traction as a business model. This is not without outstanding security risks, as previous research has demonstrated that sensitive data can be reconstructed from embeddings, even without knowledge of the underlying model that generated them. However, such work is limited by its sole focus on English, leaving all other languages vulnerable to attacks by malicious actors. As many international and multilingual companies leverage EaaS, there is an urgent need for research into multilingual LLM security. To this end, this work investigates LLM security from the perspective of multilingual embedding inversion. Concretely, we define the problem of black-box multilingual and cross-lingual inversion attacks, with special attention to a cross-domain scenario. Our findings reveal that multilingual models are potentially more vulnerable to inversion attacks than their monolingual counterparts. This stems from the reduced data requirements for achieving comparable inversion performance in settings where the underlying language is not known a priori. To our knowledge, this work is the first to delve into multilinguality within the context of inversion attacks, and our findings highlight the need for further investigation and enhanced defenses in the area of NLP Security.