training-data-extractiontries to make the model repeat private data it saw during training.cross-reference-doxingcombines scattered clues across turns to unmask a real person.pii-inferenceguesses personal details like name, age, or address from indirect hints.location-trackingworks out where someone is from context and small signals.deanonymizationlinks anonymous data back to a specific identity.
Attack Strategies
Privacy Violation: Attack Strategy
Attacks that try to pull private personal information out of the AI or use it to profile and track real people.
What it is: Attacks that try to pull private personal information out of the AI or use it to profile and track real people.
How the attacks work: The attacker asks the model to dig up, guess, or piece together private facts. Sometimes it probes for data the model memorized in training. Other times it combines small public clues across several turns to identify or locate someone.
Real examples from the framework: