LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why do the privacy techniques that work for tabular data break down for LLMs?

LLM data is unbounded text with unbounded per-document influence, sequential dependencies, interactive multi-turn use, and two attack surfaces (training and inference) — none of which classical DP assumptions hold for.

Classical privacy assumed tabular data: fixed rows/columns, fixed schemas, clear numerical/categorical bounds. LLMs violate every assumption:

Structured data LLM data Privacy impact
Fixed records (rows) Unbounded text (any sentence) Can't enumerate the outcome space
Known sensitivity (±1) Unbounded influence (one doc → ?) Can't calibrate noise precisely
Independent records Sequential dependencies Can't randomize independently
Query once Interactive (multi-turn) Privacy budget depletes rapidly
Static data Training + inference Two attack surfaces

The result: everything that made differential privacy tractable becomes intractable for LLMs.

Tip: A single document can change an LLM's behaviour in unbounded ways, and a multi-turn chat burns privacy budget fast. That's why "just add DP" doesn't save LLMs.

From Quiz: PRIVACY / Privacy in AI & ML — Differential Privacy, Synthetic Data & LLM Security | Updated: Jul 14, 2026