Membership Inference Attacks for Retrieval Based In-Context Learning for Document Question Answering

ArXi:2605.04116v1 Announce Type: cross We show that remotely hosted applications employing in-context learning when augmented with a retrieval function to select in-context examples can be vulnerable to membership-inference attacks even when the service provider and users are separate parties. We propose two black-box membership inference attacks that exploit query text prefixes to distinguish member from non-member inputs. The first attack uses a reference model to estimate an otherwise unavailable loss metric.