Developing Secure Privacy-Preserving AI Models at Google

Session Number

2

Advisor(s)

Jonathan Katz, Google

Location

IN2 Learning Lab

Discipline

Business

Start Date

15-4-2026 11:10 AM

End Date

15-4-2026 11:55 AM

Abstract

Machine learning models trained on images also absorb information about the real individuals depicted in them, and that information can leak from the trained model. Diffusion models, a powerful class of image generation models, are now used widely in privacy-sensitive fields such as medicine and consumer technology, yet differential privacy, the standard mathematical framework for rigorous privacy guarantees, often severely degrades model performance when applied to complex generative models. This raises the question: "How can we benefit from innovations like diffusion models without putting people at risk?" The goal of our project was to develop a novel mathematical framework that exploits the randomness inherent in diffusion processes to achieve differential privacy with minimal performance loss. We identified limitations in current industry-standard approaches and used them to guide the design of our own framework, which we then implemented and tested on standard benchmarks. Instead of paying a privacy cost at every training step, our framework releases a protected version of the data once, up front, and discards the originals. Because differential privacy is closed under post-processing, every subsequent computation on the released data, training included, is covered by the original guarantee and incurs no additional privacy cost. In our tests the framework achieved higher model quality than existing methods at equivalent privacy guarantees.
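As an added illustration, not code from the project described above (the abstract does not detail how its framework is constructed), the following Python script shows the accounting principle behind releasing protected data once. It assumes the released object is the forward-diffusion sample x_t = sqrt(ab_t)·x_0 + sqrt(1-ab_t)·z with z ~ N(0, I) for images clipped to an L2 ball of radius R; that is a Gaussian mechanism, so its (ε, δ) follows from the analytic Gaussian mechanism bound of Balle and Wang (2018), and the budget does not grow with the number of training steps that follow. A per-step noise release is computed for contrast. The symbols ab_t, R, the clipping radius and the step counts are this example's own assumptions.

```python
# Added illustration, not the project's code: the generic accounting behind
# "release a noised copy once, then train freely (post-processing)", using
# the analytic Gaussian mechanism bound (Balle & Wang, 2018).
# Assumed, not stated on the page: the released object is the forward-
# diffusion sample x_t = sqrt(ab_t)*x0 + sqrt(1-ab_t)*z, z ~ N(0, I), for
# images clipped to an L2 ball of radius R. ab_t, R and k are this
# example's own symbols.
import math


def norm_cdf(x: float) -> float:
    """Standard normal CDF; erfc keeps precision deep in the lower tail."""
    return 0.5 * math.erfc(-x / math.sqrt(2.0))


def gaussian_delta(eps: float, sensitivity: float, sigma: float) -> float:
    """Exact delta for which N(0, sigma^2 I) noise on a query with the given
    L2 sensitivity is (eps, delta)-DP (analytic Gaussian mechanism)."""
    a = sensitivity / (2.0 * sigma)
    b = eps * sigma / sensitivity
    tail = norm_cdf(-a - b)
    # exp(eps) * tail evaluated in log space so large eps cannot overflow;
    # an underflowed tail is treated as 0, which only over-estimates delta.
    second = math.exp(eps + math.log(tail)) if tail > 0.0 else 0.0
    return norm_cdf(a - b) - second


def gaussian_epsilon(sensitivity: float, sigma: float, delta: float,
                     hi: float = 1e6) -> float:
    """Smallest eps with gaussian_delta(eps) <= delta, found by bisection
    (delta is decreasing in eps)."""
    if gaussian_delta(hi, sensitivity, sigma) > delta:
        raise ValueError("sigma too small to reach this delta below eps=hi")
    lo = 0.0
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if gaussian_delta(mid, sensitivity, sigma) <= delta:
            hi = mid
        else:
            lo = mid
    return hi


def one_shot_release_epsilon(alpha_bar_t: float, radius: float,
                             delta: float) -> float:
    """eps for publishing x_t for every image once. Neighbouring datasets
    differ in one image, each inside an L2 ball of `radius`, so the
    sensitivity of sqrt(ab_t)*x0 is 2*radius*sqrt(ab_t), and the noise
    std of the forward process is sqrt(1-ab_t)."""
    sens = 2.0 * radius * math.sqrt(alpha_bar_t)
    sigma = math.sqrt(1.0 - alpha_bar_t)
    return gaussian_epsilon(sens, sigma, delta)


def train_on_released_data_epsilon(alpha_bar_t: float, radius: float,
                                   delta: float, train_steps: int) -> float:
    """Post-processing: training for any number of steps on the released
    x_t (originals discarded) costs nothing further, so the budget does
    not depend on train_steps at all."""
    del train_steps  # deliberately unused: that is the point
    return one_shot_release_epsilon(alpha_bar_t, radius, delta)


def per_step_noise_epsilon(sensitivity: float, sigma: float, delta: float,
                           train_steps: int) -> float:
    """Contrast: a fresh Gaussian-noised release at every step (e.g.
    full-batch noisy gradients, no subsampling amplification). k Gaussian
    releases compose tightly to one Gaussian release whose sensitivity is
    scaled by sqrt(k) (Gaussian differential privacy), so the cost grows
    with the step count."""
    return gaussian_epsilon(sensitivity * math.sqrt(train_steps), sigma, delta)


if __name__ == "__main__":
    delta = 1e-5
    # Constructed parameters: a mid-schedule step with ab_t = 0.2 and
    # images clipped to an L2 radius of 1.0 (so sensitivity == sigma).
    sens, sigma = 2.0 * math.sqrt(0.2), math.sqrt(0.8)
    for steps in (1, 100, 10_000):
        print(f"steps={steps:>6}  one-shot eps="
              f"{train_on_released_data_epsilon(0.2, 1.0, delta, steps):.2f}"
              f"  per-step eps={per_step_noise_epsilon(sens, sigma, delta, steps):.2f}")
```

The clipping step is not optional: the sensitivity bound used here only holds if every image is projected into the L2 ball before noise is added, and the noise level is fixed by the diffusion schedule, so the privacy level is chosen by picking t. The script demonstrates only the accounting principle; the sensitivity and noise choices of the framework in the abstract are not described on this page.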
