It explains how embeddings -those seemingly innocuous vectors produced by language and retrieval models—actually carry compressed meaning from the original text, and thereby pose substantial privacy risks. For example, even when you don’t share the raw text, an embedding might still reveal whether a certain phrase appeared in the data (membership inference) or what domain it came from (reconstruction), simply because of its geometric “neighbourhood” in vector space. To help organisations quantify these risks, the author introduces the tool Embedding Leak Auditor (ELA), which simulates retrieval and inversion attacks on embeddings, evaluates defence strategies like noise or quantization, and shows how embeddings need to be governed just like any other sensitive data.
1 comments