What is a model inversion attack and what risk does it pose?

Model inversion attacks exploit a model’s outputs to reveal information about the data used to train it. By querying the model and analyzing how it responds, an attacker can reconstruct inputs that likely produced those outputs or infer sensitive attributes of individuals represented in the training data. This creates a privacy risk because private training data—such as personal identifiers, health records, or other sensitive details—can be exposed even if that data wasn’t directly leaked. In short, the attack turns what the model reveals about its outputs into a path to recover or infer private training information. The other options describe different threats—blocking access to predictions, embedding backdoors to steal weights, or enforcing authentication to prevent inference—which do not involve reconstructing training data from model outputs.