Document Type

Conference Paper

Publication Date

2025

Publication Title

Proceedings of the 34th USENIX Security Symposium

Pages

8155-8173

Conference Name

34th USENIX Security Symposium, August 13-15, 2025, Seattle, Washington

Abstract

Large Language Models (LLMs) exhibit strong natural language processing capabilities but also pose significant privacy risks, particularly regarding the leakage of Personally Identifiable Information (PII) embedded in their training data. Existing PII extraction methods suffer from the limitations of low success rates or impracticality for large-scale PII extraction. In this study, we propose a novel PII extraction approach based on enhanced few-shot learning techniques, which achieves efficient and cost-effective PII retrieval without relying on fine-tuning or jailbreaking. We evaluated our approach on both open-source and closed-source LLMs. The experimental results demonstrate that, for non-targeted PII extraction, the attack success rate reaches 48.9%, extracting one authentic PII per two queries at a cost of $0.012 per PII. For targeted PII extraction, our approach surpassed state-of-the-art methods, achieving a 10% to 60% improvement in attack success rates. Additionally, an exploratory analysis of the origins of extracted PII revealed the significant scale of potential privacy breaches. Our work advances the understanding of LLM-induced privacy risks and underscores the vulnerability of partial personal data to large-scale exploitation.

Rights

© 2025 The Authors.

Included with the kind written permission of the authors.

Original Publication Citation

Cheng, S., Meng, S., Xu, H., Zhang, H., Hao, S., Yue, C., Ma, W., Han, M., Zhang, F., & Li, Z. (2025). Effective PII extraction from LLMs through augmented few-shot learning. In, Proceedings of the 34th USENIX Security Symposium (pp. 8155-8173). USENIX Association. https://www.usenix.org/conference/usenixsecurity25/presentation/cheng-shuai

ORCID

0000-0001-7483-5252 (Hao)

Download

Share

COinS