MIT’s new AI privacy method protects sensitive data without sacrificing accuracy

Keeping sensitive data safe in artificial intelligence (AI) systems is a big challenge.

While there are ways to protect personal information—like home addresses or medical records—these privacy tools often make AI less accurate.

Now, researchers at MIT have developed a new way to protect data that doesn’t hurt performance and works much faster than before.

Their method is built on a concept called PAC Privacy.

This privacy framework helps AI developers figure out how much random noise needs to be added to an AI system to keep its training data private.

Adding noise is a common way to protect data, but too much of it can damage the model’s accuracy. The goal is to add just enough noise to block attackers without making the model worse at its job.

In this latest work, the MIT team improved the original PAC Privacy method to make it far more efficient.

Instead of using large, complex calculations, their new version only needs to measure simple output variations. This makes the process faster and easier to use on large datasets.

Even better, the new method can now tailor the noise more precisely. Older techniques added noise evenly in every direction, which sometimes meant adding more than necessary.

The updated approach adds noise based on the unique features of the data, so less is needed overall. This means the model can stay accurate while still keeping the training data private.

One exciting discovery the researchers made is that more stable algorithms are easier to protect with PAC Privacy.

A stable algorithm gives similar results even when its training data changes a little. Because the output doesn’t vary much, less noise is needed to keep it private. In some cases, this creates a “win-win” situation: better accuracy and stronger privacy at the same time.
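The two ideas above, noise tailored to each output direction and stable algorithms needing less of it, can be seen in a small simulation. This is an added illustration, not the MIT team's code or their calibration rule: the function names, the scaling constant `c`, and the constructed two-column dataset are all assumptions, and the noise is simply made proportional to the measured output spread.

```python
import random
import statistics

def subsample_outputs(algorithm, data, trials=300, frac=0.5, seed=0):
    """Treat the algorithm as a black box: run it on many random subsamples."""
    rng = random.Random(seed)
    k = int(len(data) * frac)
    return [algorithm(rng.sample(data, k)) for _ in range(trials)]

def output_spread(outputs):
    """Standard deviation of each output coordinate across the runs."""
    return [statistics.pstdev(col) for col in zip(*outputs)]

def noise_scales(spread, c=1.0, tailored=True):
    """Per-coordinate Gaussian noise std; c is a hypothetical privacy knob."""
    if tailored:
        return [c * s for s in spread]        # follow each coordinate's spread
    return [c * max(spread)] * len(spread)    # same noise in every direction

def total_noise(scales):
    """Sum of noise variances, a rough measure of accuracy lost."""
    return sum(s * s for s in scales)

def release(output, scales, seed=1):
    """Publish the output with independent Gaussian noise per coordinate."""
    rng = random.Random(seed)
    return [o + rng.gauss(0.0, s) for o, s in zip(output, scales)]

def column_mean(rows):
    """Stable: one record barely moves the result."""
    return [statistics.fmean(col) for col in zip(*rows)]

def column_max(rows):
    """Unstable: the result can hinge on a single record."""
    return [max(col) for col in zip(*rows)]

def make_data(n=400, seed=42):
    """Constructed sample: two features on very different scales, one outlier."""
    rng = random.Random(seed)
    rows = [(rng.gauss(40, 10), rng.gauss(50_000, 15_000)) for _ in range(n)]
    return rows + [(110.0, 400_000.0)]

if __name__ == "__main__":
    data = make_data()
    for name, alg in (("mean", column_mean), ("max", column_max)):
        spread = output_spread(subsample_outputs(alg, data))
        iso = total_noise(noise_scales(spread, tailored=False))
        print(name, "spread:", [round(s, 2) for s in spread])
        print("  noise isotropic vs tailored:", round(iso), round(total_noise(noise_scales(spread))))
        print("  released:", release(alg(data), noise_scales(spread)))
```

The column maximum swings widely depending on whether the single outlier record lands in the subsample, so it needs far more noise than the mean to hide that record's presence.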

Lead author Mayuri Sridhar, a Ph.D. student at MIT, says this changes how we think about privacy and performance.

Instead of viewing privacy as something that harms performance, we can now design smarter, more stable algorithms from the start—ones that are easier to protect without extra cost.

The team tested their method on several classic algorithms and showed that it worked well, even under attack simulations. They also created a four-step process that can help developers apply PAC Privacy to almost any algorithm, without needing to see its internal code.

Their work will be presented at the IEEE Symposium on Security and Privacy. Looking ahead, the researchers plan to explore how PAC Privacy can be built into more complex systems and how to design algorithms that are private, stable, and high-performing right from the beginning.