What future research directions aim to improve privacy in AI systems?
Machine unlearning, federated learning, better privacy auditing, and formal verification of prompt safety.
* One federated-learning round: only model updates leave the device; raw data stays put. *

* Federated learning keeps raw data on-device. — MarcT0K, CC BY-SA 4.0, via Wikimedia Commons. *
The active research frontier:
- Machine unlearning — remove specific data from a trained model without full retraining (e.g. to honor a deletion request or scrub leaked PII).
- Federated learning — train models without centralizing sensitive data; only model updates leave the device.
- Better privacy auditing — tools to detect and measure privacy leakage at scale.
- Formal verification — mathematical proofs for prompt safety (very early stage).
The honest summary ("are we doomed?"): no perfect solution exists, training-time privacy has huge utility costs, and inference-time safeguards can be bypassed — but we understand the threat landscape, have partial mitigations, deploy carefully with defense-in-depth, and research is active.
Tip: "Machine unlearning" is the holy grail for the right-to-be-forgotten era — retraining a frontier model from scratch to delete one person's data is infeasible, so we need to surgically forget.
Go deeper:
Machine unlearning (Wikipedia) — the "surgically forget" frontier (the right-to-be-forgotten holy grail).
Federated learning (Wikipedia) — the decentralized-training direction among future approaches.