Privacy Auditing with Zero (0) Training Run
Tudor Cebere ( Inria )
- 14:00 29th June 2026 ( week 10, Trinity Term 2026 )Seminar room 051
Privacy auditing estimates empirical lower bounds on the differential privacy parameters of learning algorithms. Most existing audits require retraining or controlled randomization of training-set membership, which is often impractical for large, deployed models. We introduce Zero-Run privacy auditing, a post-hoc framework that uses two fixed datasets: known training members and known non-members. In this observational setting, membership-inference scores may reflect a distribution shift rather than privacy leakage. Drawing on ideas from causal inference, we formalize this confounding and develop two valid corrections: a conservative global correction based on adaptive composition, and a sharper instance-dependent correction that conditions on observed data. Experiments on synthetic data and large-scale models show that Zero-Run enables practical privacy auditing when retraining or controlled data insertion is unavailable.
Bio: Tudor Cebere is a PhD student at Inria, supervised by Aurélien Bellet. His research focuses on differential privacy and privacy auditing, with an emphasis on practical methods for evaluating privacy guarantees in machine learning systems. He is a 2025 Google PhD Fellow in Privacy, Safety, and Security.