Jan Dubiński

Jan Dubiński

PhD Student @ Warsaw University of Technology & NASK National Research Institute. AI Safety / Trustworthy ML / Generative Models

Privacy Attacks on Image Autoregressive Models

Published in International Conference on Machine Learning (ICML), 2025

Image AutoRegressive generation has emerged as a new powerful paradigm with image autoregressive models (IARs) matching state-of-the-art diffusion models (DMs) in image quality (FID: 1.48 vs. 1.58) while allowing for a higher generation speed. However, the privacy risks associated with IARs remain unexplored, raising concerns regarding their responsible deployment. To address this gap, we conduct a comprehensive privacy analysis of IARs, comparing their privacy risks to the ones of DMs as reference points. Concretely, we develop a novel membership inference attack (MIA) that achieves a remarkably high success rate in detecting training images (with a True Positive Rate at False Positive Rate = 1% of 86.38% vs. 6.38% for DMs with comparable attacks). We leverage our novel MIA to provide dataset inference (DI) for IARs, and show that it requires as few as 6 samples to detect dataset membership (compared to 200 for DI in DMs), confirming a higher information leakage in IARs. Finally, we are able to extract hundreds of training data points from an IAR (e.g., 698 from VAR-d30). Our results suggest a fundamental privacy-utility trade-off: while IARs excel in image generation quality and speed, they are empirically significantly more vulnerable to privacy attacks compared to DMs that achieve similar performance.

Recommended citation: Kowalczuk, A., Dubiński, J., Boenisch, F., & Dziedzic, A. (2025). "Privacy Attacks on Image Autoregressive Models." In ICML 2025.
Paper

@inproceedings{DBLP:conf/icml/KowalczukDBD25,
  author       = {Antoni Kowalczuk and Jan Dubinski and Franziska Boenisch and Adam Dziedzic},
  title        = {Privacy Attacks on Image AutoRegressive Models},
  booktitle    = {Forty-second International Conference on Machine Learning, {ICML} 2025, Vancouver, BC, Canada, July 13-19, 2025},
  series       = {Proceedings of Machine Learning Research},
  publisher    = {{PMLR} / OpenReview.net},
  year         = {2025},
  url          = {https://proceedings.mlr.press/v267/kowalczuk25a.html},
}