Which privacy-preserving ML techniques are commonly used in SecAI+ and what are their trade-offs?

In SecAI+ the goal is to protect user data while still training useful models, which leads to using a mix of privacy-preserving techniques rather than a single method. Differential privacy adds carefully calibrated noise to data or model updates, providing a measurable privacy guarantee, but this noise reduces the model’s accuracy and overall utility depending on how strict the privacy budget is. Federated learning keeps raw data on user devices and only shares model updates with a central orchestrator, which lowers direct data exposure but brings engineering complexity and communication overhead, and it can still leak information through the updates unless additional protections like secure aggregation or differential privacy are used. Secure enclaves offer a trusted hardware boundary where training computations run in isolation, improving confidentiality, yet they depend on the security of the hardware and can introduce performance overhead and potential side-channel risks. Taken together, these approaches involve trade-offs among utility, system complexity, and computational or communication overhead, which is why a combination is used rather than a single technique.