📢 New ICML 2025 paper! Confidential Guardian: Cryptographically Prohibiting the Abuse of Model Abstention 🤔 Think model uncertainty can be trusted? We show that it can be misused—and how to stop it! Meet Mirage (our attack💥) & Confidential Guardian (our defense🛡️). 🧵1/10

🚀 Dive deeper: Paper ▶️ arxiv.org/abs/2505.23968 Code ▶️ github.com/cleverhans-lab… Joint work with Ali Shahin Shamsabadi, Olive Franzese, Xiao Wang, Adrian Weller, Nicolas Papernot. Talk to us at ICML in Vancouver! 🇨🇦 🧵10/10 #Abstention #Uncertainty #Calibration #ZKP #ICML2025

Stay tuned!

x.com/steverab/statu… 👆🏻Details our #ICML2025 paper on uncertainty and zero-knowledge-proofs

Are you an experienced Systems and Performance Researcher/Engineer? Join us at Brave to shape and advance system and performance evaluation and optimization—in the age of agents.

What exactly are the privacy and security practices of Comet, and are users truly aware of what they're opting into? Referring to perplexity.ai/hub/legal/priv…?

Did you know that "bad parties" can exploit model uncertainty to cause discriminatory behaviours? Want to learn how to enable confidential inference with proofs of well-calibratedness? Go see our paper at East Exhibition Hall A-B, # E-1002, 11:00 a.m. – 1:30 p.m. PDT #ICML2025

Brave’s AI doesn’t store your conversations, log your IP address, or use your conversations for model training. Other browsers can’t say the same.

Sahar is great, go work with her if you are interested in developing secure agents!

Brave folks found prompt injection bulbs too. We practice responsible disclosure, so filed a report with Perplexity. I hope our engineer wins a bug bounty. “Agentic” must not mean some reddit post can prompt-inject to pwn your bank/crypto/health-data/&c. linkedin.com/posts/aryaman-…

Two of our papers are accepted to #EMNLP2025 Both explore privacy in LLMs Brave : - Membership and Memorization in LLM Knowledge Distillation: arxiv.org/abs/2508.07054 - Context-Aware Membership Inference Attacks against Pre-trained Large Language Models: arxiv.org/abs/2409.13745

We define and quantify the membership and memorization privacy risk of the teacher’s private training data post-distillation. We found that: - LLM KD approaches carry membership and memorization privacy risks from the teacher to its student - but memorization is not membership!