benchmark 2025

The Model's Language Matters: A Comparative Privacy Analysis of LLMs

Abhishek Mishra 1,2,3, Antoine Boutet 1,2,3, Lucas Magnana 1,2,3

1 Inria

2 INSA Lyon

3 CITI

0 citations · 33 references · arXiv
α

Published on arXiv

2510.08813

Model Inversion Attack

OWASP ML Top 10 — ML03

Membership Inference Attack

OWASP ML Top 10 — ML04

Sensitive Information Disclosure

OWASP LLM Top 10 — LLM06

Key Finding

Linguistic redundancy and tokenization granularity predict privacy vulnerability: Italian shows strongest training data leakage while morphologically richer French and Spanish are more resilient across all three attack types.

Large Language Models (LLMs) are increasingly deployed across multilingual applications that handle sensitive data, yet their scale and linguistic variability introduce major privacy risks. Mostly evaluated for English, this paper investigates how language structure affects privacy leakage in LLMs trained on English, Spanish, French, and Italian medical corpora. We quantify six linguistic indicators and evaluate three attack vectors: extraction, counterfactual memorization, and membership inference. Results show that privacy vulnerability scales with linguistic redundancy and tokenization granularity: Italian exhibits the strongest leakage, while English shows higher membership separability. In contrast, French and Spanish display greater resilience due to higher morphological complexity. Overall, our findings provide the first quantitative evidence that language matters in privacy leakage, underscoring the need for language-aware privacy-preserving mechanisms in LLM deployments.

Key Contributions

  • First quantitative cross-lingual analysis linking linguistic properties (redundancy, morphological complexity, tokenization granularity) to LLM privacy vulnerability
  • Evaluation of extraction, counterfactual memorization, and membership inference attacks across English, Spanish, French, and Italian medical LLMs
  • Evidence that Italian exhibits the strongest leakage while French and Spanish show greater resilience due to morphological richness

🛡️ Threat Analysis

Model Inversion Attack

Extraction and counterfactual memorization attacks are directly evaluated as methods to recover private training data from fine-tuned LLMs across four languages.

Membership Inference Attack

Membership inference attacks are explicitly evaluated, showing English fine-tuned models exhibit the clearest in/out sample separability.

Details

Domains
nlp
Model Types
llmtransformer
Threat Tags
black_boxinference_timetraining_time
Datasets
multilingual medical corpora (English, Spanish, French, Italian)
Applications
medical text processingmultilingual llm deployment
Read PDF arXiv DOI

Similar Papers

benchmark

On the Effectiveness of Membership Inference in Targeted Data Extraction from Large Language Models

2025 0 cit.
Membership Inference AttackModel Inversion Attack
94%
benchmark

Membership and Memorization in LLM Knowledge Distillation

2025 0 cit.
Membership Inference AttackModel Inversion Attack
94%
benchmark

Towards Benchmarking Privacy Vulnerabilities in Selective Forgetting with Large Language Models

2025 1 cit.
Model Inversion AttackMembership Inference Attack
89%
benchmark

VFLAIR-LLM: A Comprehensive Framework and Benchmark for Split Learning of LLMs

2025 0 cit.
Model Inversion AttackMembership Inference Attack
89%
benchmark

Hubble: a Model Suite to Advance the Study of LLM Memorization

2025 6 cit.
Model Inversion AttackMembership Inference Attack
83%
benchmark

Understanding Privacy Risks in Code Models Through Training Dynamics: A Causal Approach

2025 1 cit.
Model Inversion Attack
82%
benchmark

Personal Information Parroting in Language Models

2026 0 cit.
Model Inversion Attack
82%
benchmark

Unintended Memorization of Sensitive Information in Fine-Tuned Language Models

2026 0 cit.
Model Inversion Attack
82%