![[2602.16697] Protecting the Undeleted in Machine Unlearning](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.16697] Protecting the Undeleted in Machine Unlearning
Summary
The paper discusses machine unlearning, focusing on the privacy risks associated with undeleted data when specific data points are removed from trained models. It proposes a new security definition to protect remaining data from potential reconstruction attacks.
Why It Matters
As machine learning models increasingly handle sensitive data, ensuring privacy during data deletion becomes critical. This research highlights vulnerabilities in current unlearning methods and introduces a framework that enhances data security, making it relevant for developers and researchers in AI safety.
Key Takeaways
- Machine unlearning can expose undeleted data to privacy risks.
- Current definitions of machine unlearning are either too weak or too restrictive.
- A new security definition is proposed to protect undeleted data from reconstruction attacks.
- The proposed framework allows essential functionalities while safeguarding privacy.
- Understanding these vulnerabilities is crucial for improving AI safety measures.
Computer Science > Machine Learning arXiv:2602.16697 (cs) [Submitted on 18 Feb 2026] Title:Protecting the Undeleted in Machine Unlearning Authors:Aloni Cohen, Refael Kohen, Kobbi Nissim, Uri Stemmer View a PDF of the paper titled Protecting the Undeleted in Machine Unlearning, by Aloni Cohen and 3 other authors View PDF HTML (experimental) Abstract:Machine unlearning aims to remove specific data points from a trained model, often striving to emulate "perfect retraining", i.e., producing the model that would have been obtained had the deleted data never been included. We demonstrate that this approach, and security definitions that enable it, carry significant privacy risks for the remaining (undeleted) data points. We present a reconstruction attack showing that for certain tasks, which can be computed securely without deletions, a mechanism adhering to perfect retraining allows an adversary controlling merely $\omega(1)$ data points to reconstruct almost the entire dataset merely by issuing deletion requests. We survey existing definitions for machine unlearning, showing they are either susceptible to such attacks or too restrictive to support basic functionalities like exact summation. To address this problem, we propose a new security definition that specifically safeguards undeleted data against leakage caused by the deletion of other points. We show that our definition permits several essential functionalities, such as bulletin boards, summations, and statistical lear...
