Systems | Information | Learning | Optimization
 

SILO: Forgetting sensitive data on open-weight models with guarantees

Abstract: 
The proliferation of open-weight models trained on vast, public datasets (that often include sensitive data) introduces a critical privacy challenge: how do we erase the influence of sensitive, incorrect, or obsolete data after a model is pre-trained? While machine unlearning offers a promising direction, we argue that current methods are insufficient. They fail to defend against a critical threat we term test-time privacy, where an adversary can produce confidently incorrect predictions on corrupted data. To counter this threat, during the talk, we introduce a new approach centered on an old principle: inducing maximal uncertainty on protected data while preserving model performance elsewhere. This principle is formalized in a Pareto-optimal objective that explicitly balances test-time privacy with model utility. We further develop a certifiable approximation algorithm that achieves rigorous certified (ε, δ) guarantees, extending work in certified unlearning, notably without requiring restrictive convexity assumptions. This talk will demonstrate the effectiveness of this approach in safeguarding user data in modern machine learning models.
Bio: 
Grigorios Chrysos is an Assistant Professor at the University of Wisconsin-Madison. Before that, Grigorios was a postdoctoral fellow at EPFL following the completion of his PhD at Imperial College London. He holds a diploma from the National Technical University of Athens. His research interests lie in trustworthy machine learning, often working on architecture design, generative models, out-of-distribution detection and multilinear algebra. Grigorios was awarded a rising star award by CPAL. Grigorios serves as an Associate Editor for TMLR and an Area Chair for ML conferences (NeurIPS, ICLR, ICML), while he frequently publishes and organizes tutorials and workshops in top-tier venues (ICLR, NeurIPS, ISIT, CVPR, etc.).

September 17, 2025
12:30 pm (1h)

Researchers’ Link

Grigoris Chrysos
