Phantoms and Disclosures: a Causal Framework for Auditing Synthetic Data

22d ago · Global · primary source: export.arxiv.org

A new auditing framework aims to separate genuine privacy violations from coincidental matches in synthetic data, addressing a critical blind spot as organizations increasingly turn to AI-generated datasets to protect sensitive information. The framework, detailed in a paper submitted to arXiv on June 15, 2026, introduces a method to distinguish between what the researchers call "true disclosures" — where a model directly reproduces a user's information — and "phantom disclosures," which occur incidentally regardless of whether the user's data was included in training [1][2]. The distinction carries immediate practical weight: in experiments on a finance dataset, phantoms accounted for 271 of 763 detected personally identifiable information matches, or over 35 percent of apparent privacy violations [3][6]. "Naïve disclosure counts dramatically overstate privacy risk," the authors write [3][6]. The approach partitions input data into training and holdout sets, then applies statistical hypothesis testing to determine whether observed disclosures align with strict privacy baselines such as zero-learning or specific Differential Privacy bounds [1][2]. It requires no access to the underlying model, no insertion of canary data, and no training of a reference model — only the synthetic output and a held-out control set [1][2]. The researchers describe the method as model-agnostic, applicable to any synthetic data generation mechanism, and requiring "orders of magnitude fewer computational resources than shadow-model or canary-based alternatives" [1][2]. The work lands amid broader efforts to build trust in synthetic data. A separate 2023 proposal outlined a holistic auditing framework spanning fidelity, privacy, utility, fairness, and robustness, with a trustworthiness index designed to rank synthetic datasets and guide model selection [5]. That framework produced transparency templates for audit reports, aiming to connect stakeholders from model development to certification [5]. A 2026 paper on generated student data similarly treated privacy evaluation as a release-governance screen, noting that empirical disclosure checks and formal privacy budgets are "complementary but not interchangeable" [4]. The new framework also functions as a membership inference attack, providing empirical lower bounds on privacy leakage that the authors say are tighter than those from prior data-based auditing methods [1][2]. By grounding the phantom disclosure rate in holdout data, the system offers a statistical mechanism to audit synthetic data against strong privacy guarantees without requiring cooperation from the model's creator [3][6].

tool-releaseresearch-paperinfrastructure

Background sources we checked (10)
  • arxiv.org ↗ The rapid adoption of generative AI and Large Language Models (LLMs) has spurred interest in synthetic data as a privacy-preserving alternative to sensitive real-world datasets. However, generating high-utility synthetic data often carries the risk of memorizing and regurgitating…
  • arxiv.org ↗ The rapid adoption of generative AI and Large Language Models (LLMs) has spurred interest in synthetic data as a privacy-preserving alternative to sensitive real-world datasets. However, generating high-utility synthetic data often carries the risk of memorizing and regurgitating…
  • arxiv.org ↗ decision-facing causal-privacy audit workflow for evaluating generated student data under a ... fixed estimand, timing-aware adjustment design, estimator set, and empirical privacy-governance ... screen. The workflow compares original, distilled, adversarial synthetic, statistica…
  • arxiv.org ↗ To address these challenges, we propose a framework for auditing the trustworthiness of synthetic data that is holistic, transversal across different modalities (tabular, time-series, computer vision and natural language) and assess the uncertainty in auditing a generative model …
  • arxiv.org ↗ # Phantoms and Disclosures: a Causal Framework for Auditing Synthetic Data ... The rapid adoption of generative AI and Large Language Models (LLMs) has spurred interest in synthetic data as a privacy-preserving alternative to sensitive real-world datasets. However, generating hig…
  • info.arxiv.org ↗ arXiv Labs - arXiv info | arXiv e-print repository Skip to content # arXiv Labs Attention arXiv Users: arXiv Labs is pausing new proposals ## What are arXiv Labs? arXiv Labs are a way for the community to contribute new, useful features to arXiv. These integrations are avail…
  • blog.arxiv.org ↗ arXivLabs: a space for community innovation – arXiv blog arXiv has launched a new, formalized framework enabling innovative collaborations with individuals and organizations. “Members of our community want to contribute tools that enhance the arXiv experience, and we val…
  • info.arxiv.org ↗ arXivLabs: Showcase - arXiv info | arXiv e-print repository ... # arXivLabs: Showcase ... arXiv is surrounded by a community of researchers and developers working at the cutting edge of information science and technology. ... While the arXiv team is focused on our core mission—pr…
  • en.wikipedia.org ↗ arXiv (pronounced as "archive"—the X represents the Greek letter chi ⟨χ⟩) is an open-access repository of electronic preprints and postprints (known as e-prints) approved for posting after moderation, but not peer reviewed. It consists of scientific papers in the fields of mathem…
  • en.wikipedia.org ↗ 14 (fourteen) is the natural number following 13 and preceding 15.…

Sources

Spot something wrong? Report an issue