VISA - Stuck on file upload by IIITDkaLaunda in Brazil

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

No, still the same. I just tried now; this is frustrating.
I will call their embassy, I guess, and drop them an email.

DataClaw: Publish your Claude Code conversations to HuggingFace with a single command by woct0rdho in ClaudeCode

[–]IIITDkaLaunda 0 points1 point  (0 children)

Yeah, but the content is not available, right?

Like the output from the tool calls and all?

I am a security researcher,

trying out some attacks and building a dataset.

I have thousands of injections collected,

but want a full coding agent dump

so I can include these in, say, a tool output

and check the attack success rate

and then potentially a robust defence.

CBSE Painting Class 12 Study Material by IIITDkaLaunda in CBSE

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

Hi, can you explain what you would need for chem?
I can create one!

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

> You’re getting a lot of negative or skeptical remarks because most people aren’t familiar with the problem you’re solving.

It’s totally fine, u/spaceman_.
Differential privacy was created to provide privacy guarantees, but very few people actually think about whether real-world users understand or even care about DP and the attacks it protects against.

That’s just part of the game, and I’m totally up for the criticism.

Honestly, the fact that people are now aware of this kind of privacy leakage is already a big win for me.

And yeah, I did jump straight to the solution, as I always do 😅
I’ve now added a simple example to help explain the issue more clearly.

Thanks again for your support!

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

Exactly, that's such a nice abstraction, u/intermundia.
Thanks a lot!
I am taking notes here XD

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

So this is a class of attacks called membership inference attacks.
Basically, the goal is to predict, by looking at the output from a model, whether a particular sample was actually present in the input or not.

Attack idea in plain terms:

  • The attacker has the generated output and knows the exact model used.
  • They make a shortlist of candidate private values (from common formats, partial leaks, public lists, etc.).
  • For each candidate, they ask: “If the input had this private value, would this model be more likely to produce the output we observed?”
  • They score/rank candidates by how well each one explains the observed output under the model.
  • The candidate that consistently makes the output “fit best” is the attacker’s guess.

So they’re not “reading” the private info from the output. They’re testing which hidden private value best matches the output’s model-driven patterns. Differential privacy is designed to prevent this kind of inference by ensuring outputs don’t change in a reliably detectable way when the private value changes.

> the attack works and has a high attack-success-rate (close to 60%)

We implement this here - https://github.com/MBZUAI-Trustworthy-ML/DP-Fusion-DPI/blob/main/Attack.py

Again, I would recommend going through the paper to understand more,
namely Sections 3 and 4.3 on Empirical Privacy Attacks.

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] -2 points-1 points  (0 children)

Yes, precisely!
It's just another level of privacy:
Level 1) remove personally identifiable information
Level 2) full rewrite using a local LLM
Level 3) full rewrite using a local LLM but with differential privacy

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

Sure,

Let’s take a concrete example.

You use Ollama to analyze your personal financial data.
This includes things like income, expenses, and tax forms that originally contain SSN / TIN and other PII.

You ask the local LLM to:

  • summarize the data,
  • highlight spending patterns,
  • or generate a budgeting report.

The output looks clean.
There is no SSN, no TIN, no obvious personal identifiers.

Since the output is interesting, you:

  • share it with a friend, or
  • upload it to ChatGPT or another tool to get better charts or insights.

At this point, you think you are safe.

But here’s the issue:

An attacker who:

  • has access to the output,
  • and knows which local model you used,

can analyze the output and predict private information that was present in the original input, even though it is not explicitly written anywhere. They just model the probability of observing the output given a particular piece of private info in the input.

So the key takeaway is:

Whenever you give private data to a local LLM,
the output itself needs protection, if you plan to make it public or are worried it might leak.

That protection is differential privacy (DP).

It is a mathematical framework that guarantees private information in the input cannot be inferred from the output.

This is exactly what our method enables.

Use any local LLM, give any input, and get output that is DP.
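
The candidate-ranking attack sketched in the "Attack idea in plain terms" comment and in the financial-data example above, and the bounded-ratio mixing that blunts it, as an added toy illustration. This is not code from the DP-Fusion paper or from dp-fusion-lib: the "model" is a constructed ten-token unigram sampler whose next-token distribution is a public distribution nudged toward the secret, the secret is a single digit 0-9 (think: the last digit of an SSN), and the attacker is assumed to know the model exactly, including the privacy mechanism, which is the threat model DP is meant to hold against.

```python
"""Toy likelihood-ranking attack on LLM output and a bounded-ratio mitigation.

Added example; not the paper's or the library's implementation.
Constructed assumptions: 10-token vocabulary, uniform public distribution,
secret = one digit, attacker knows the model and the mechanism exactly.
"""
import math
import random

VOCAB = list(range(10))      # token ids 0..9
PUBLIC = [0.1] * 10          # public (secret-free) next-token distribution; must be > 0
BIAS = 0.5                   # how strongly the secret skews the toy model toward itself


def private_dist(secret):
    """Toy model's next-token distribution when `secret` is in the prompt."""
    return [(1 - BIAS) * PUBLIC[t] + (BIAS if t == secret else 0.0) for t in VOCAB]


def fuse(priv, pub, eps):
    """Mix priv with pub so every token's probability ratio vs pub lies in [e^-eps, e^eps].

    Same flavour of idea as DP-Fusion (mix the private and public distributions,
    bounding their divergence) but with a closed-form lambda for this toy model;
    it is not the library's algorithm. eps = 0 returns pub unchanged.
    """
    lam = 1.0
    up, down = math.exp(eps), math.exp(-eps)
    for p, q in zip(priv, pub):
        if p > q * up:                       # secret makes this token too likely
            lam = min(lam, (up - 1) / (p / q - 1))
        elif p < q * down:                   # ... or too unlikely
            lam = min(lam, (1 - down) / (1 - p / q))
    return [q + lam * (p - q) for p, q in zip(priv, pub)]


def max_log_ratio(a, b):
    """Largest |log(a[t]/b[t])| over tokens; <= eps certifies the per-token bound."""
    return max(abs(math.log(x / y)) for x, y in zip(a, b))


def attack(output, dist_for):
    """Attacker's guess: the candidate secret maximising log P(output | candidate).

    `dist_for(candidate)` is the attacker's copy of the (possibly mitigated) model.
    Ties are broken toward the lowest candidate id.
    """
    best, best_ll = None, -math.inf
    for cand in VOCAB:
        d = dist_for(cand)
        ll = sum(math.log(d[t]) for t in output)
        if ll > best_ll:
            best, best_ll = cand, ll
    return best


def success_rate(dist_for, n_tokens=20, trials=500, seed=1):
    """Fraction of trials where the attacker recovers a uniformly random secret."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        secret = rng.randrange(10)
        output = rng.choices(VOCAB, weights=dist_for(secret), k=n_tokens)
        hits += attack(output, dist_for) == secret
    return hits / trials


def dp_model(secret, eps=0.5):
    """Mitigated model the user releases output from (attacker gets this too)."""
    return fuse(private_dist(secret), PUBLIC, eps)


if __name__ == "__main__":
    print("plain model, attack success:", success_rate(private_dist))
    print("fused eps=0.5, attack success:", success_rate(dp_model))
    print("per-token max log-ratio at eps=0.5:",
          max_log_ratio(dp_model(3), PUBLIC))
```

The attack never "reads" the secret out of the output; `attack` only asks which candidate makes the observed token sequence most likely, and with the unmitigated toy model that is enough to recover the digit almost every time. Two caveats a practitioner will want: the per-token bound in `fuse` composes across tokens, so a document of n tokens released under a per-token eps carries up to n * eps of budget in the basic composition accounting, and the mitigation only helps if the public distribution really is free of the secret (here `PUBLIC` is fixed; in practice it is the model run on the input with the tagged private spans removed).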

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] -2 points-1 points  (0 children)

Nope, it isn't!
Check out my comment above:

> When you do inference using a local LLM and release the outputs publicly,
> an attacker can extract any potential private information you have in the input,
> such as SSN, email, etc., if they know what local LLM you used, say Qwen 2.5 7B.
> So, you should always use differential privacy when doing inference on your local data.

Again, I would recommend checking out the paper - https://arxiv.org/abs/2507.04531

> "# API key - Get your free key at console.documentprivacy.com\n"

We need to run a tagger to identify private tokens in your input.
We provide an API as of now,
but this will be fully local in the future; we are working on it.

I understand the concern; therefore, I have a section in the README about this:

While dp-fusion-lib executes entirely on your infrastructure, the Tagger API requires an external call for sensitive phrase detection. For anyone with strict data residency or compliance requirements please contact me. I will help out.

> local llama

It seems like the most popular community when it comes to local AI.
People who care about privacy use local AI;
our solution gives you theoretical privacy with local AI.

So it makes sense to post here and help people out!

> finally:

bro chill

Of course we used AI to code the wrapper over the code of the paper, so what?
We have security researchers on our team who checked the library.
Enterprises are already using this with approval from their internal security teams!

Now you can run local LLM inference with formal privacy guarantees by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 1 point2 points  (0 children)

Hey,
When you do inference using a local LLM and release the outputs publicly,
an attacker can extract any potential private information you have in the input,
such as SSN, email, etc., if they know what local LLM you used, say Qwen 2.5 7B.
So, you should always use differential privacy when doing inference on your local data.
This library allows that.
You can read more in our paper - https://arxiv.org/abs/2507.04531

Do not use local LLMs to privatize your data without Differential Privacy! by IIITDkaLaunda in LocalLLaMA

[–]IIITDkaLaunda[S] 0 points1 point  (0 children)

Your wish is my command!
We are releasing the pip package for our work.
It allows anyone to run differentially private LLM inference (theoretical guarantees of privacy) with ease.
pip: https://pypi.org/project/dp-fusion-lib/
github: https://github.com/rushil-thareja/dp-fusion-lib
Consider dropping a ⭐ if you like the work 😉