[2603.00811] Curation Leaks: Membership Inference Attacks against Data Curation for Machine Learning

Computer Science > Machine Learning arXiv:2603.00811 (cs) [Submitted on 28 Feb 2026] Title:Curation Leaks: Membership Inference Attacks against Data Curation for Machine Learning Authors:Dariush Wahdany (1), Matthew Jagielski (2), Adam Dziedzic (1), Franziska Boenisch (1) ((1) CISPA Helmholtz Center for Information Security, (2) Anthropic) View a PDF of the paper titled Curation Leaks: Membership Inference Attacks against Data Curation for Machine Learning, by Dariush Wahdany (1) and 3 other authors View PDF HTML (experimental) Abstract:In machine learning, curation is used to select the most valuable data for improving both model accuracy and computational efficiency. Recently, curation has also been explored as a solution for private machine learning: rather than training directly on sensitive data, which is known to leak information through model predictions, the private data is used only to guide the selection of useful public data. The resulting model is then trained solely on curated public data. It is tempting to assume that such a model is privacy-preserving because it has never seen the private data. Yet, we show that without further protection, curation pipelines can still leak private information. Specifically, we introduce novel attacks against popular curation methods, targeting every major step: the computation of curation scores, the selection of the curated subset, and the final trained model. We demonstrate that each stage reveals information about the pri...