What is a membership inference attack and what data leakage risk does it pose?

A membership inference attack tries to decide whether a particular data record was included in the model’s training data by querying the model and examining its responses. The data leakage risk comes from the model often behaving slightly differently on data it has seen during training versus new data. If an attacker can observe the model’s outputs—especially confidence scores or likelihoods—they can use those signals to infer that the specific data point was part of the training set. This can expose individuals’ data and, depending on the context, reveal sensitive attributes tied to that data, such as health information or demographic details. While other threats like stealing model parameters or backdoors describe other attack vectors, and simply claiming the model won’t reveal training data misses the practical leakage that can occur through outputs and confidence signals.