Privacy Vulnerabilities of Attention Layers in Tabular Foundation Models and Protection of High-Risk Queries

AMIA: Attention-based membership inference attacks on tabular foundation models with k-anonymity defense

Researchers demonstrate that tabular foundation models using in-context learning are vulnerable to membership inference attacks (MIAs) via attention mechanism leakage, even when pre-trained on synthetic data. They introduce AMIA, a shadow-model-free attack exploiting transformer attention concentration patterns, achieving a 7.7% average gain over confidence-based attacks. A k-anonymity-inspired inference-time defense reduces membership leakage by 50% against AMIA and 25% against confidence-based attacks with only 3.9% performance degradation. The paper also shows fine-tuning amplifies memorization risk through confidence shifts.