# Day 21 Model Inversion ## Model Inversion Attacks – Reconstructing Faces from ML Models 🀯
> Imagine asking an AI model about diabetes risk β€” and reconstructing a patient’s face.\ > That’s not sci-fi. That’s model inversion β€” and it’s happening now. *** ### πŸ” What Is Model Inversion? Model Inversion Attacks aim to **reconstruct sensitive input features** (like faces, DNA, or text) using a model’s **outputs** β€” especially when it’s overfit or exposes **confidence scores**. 🧠 When trained on PII-rich data, models can unintentionally **leak individual details** from the training set. *** ### πŸ§ͺ Real-World Example **πŸ“š Fredrikson et al. (2015):** * Trained a model to predict warfarin dosage. * By probing the model with known inputs, they **reconstructed genetic markers** of real patients. **🎭 Facial Recognition:**\ Similar attacks recreated **faces** from facial recognition models β€” just by analyzing output scores. *** ### 🧠 Different Models, Different Risks * πŸ–ΌοΈ **Image Models**: Attackers can recreate training images. * πŸ“„ **Text Models (LLMs)**: May regenerate secrets, passwords, or emails. * πŸ“Š **Graph Models**: Can leak node attributes or private edges. *** ### πŸ” Defenses (Summary) βœ… Don’t expose **confidence scores** or **logits** publicly.\ βœ… Train with **differential privacy**.\ βœ… Use **dropout/regularization** to reduce memorization.\ βœ… **Monitor** for unusual query patterns (e.g., mass probing). *** ### ❗ Model Inversion vs Membership Inference | Attack Type | Goal | Input | Output | | ------------------------ | ------------------------------ | ----------------- | -------------------- | | **Model Inversion** | Rebuild sensitive data | Model outputs | Reconstructed inputs | | **Membership Inference** | Detect if data was in training | Model + datapoint | Yes / No | *** ### πŸ’¬ Thought Starter > Would you expose **top-5 predictions with confidence scores** in production?\ > How do you balance **model utility** vs **user privacy**? *** ### πŸ”— Resources * πŸ“™ **Recap of Day 1–20**: [LinkedIn Post](https://www.linkedin.com/posts/mohd--arif_100daysofaisec-100daysofaisec-mlsecurity-activity-7327558186935156736-619f) * πŸ“˜ **GitBook (All Posts)**: [100 Days of AI Sec](https://arif-playbook.gitbook.io/100-days-of-ai-sec) *** ### 🏷️ Tags \#100DaysOfAISec #AISecurity #MLSecurity #ModelInversion #CyberSecurity #AIPrivacy #AdversarialML #LearningInPublic #MachineLearningSecurity #100DaysChallenge #ArifLearnsAI #LinkedInTech