Skip to content

Privacy-Preserving Machine Learning as a Service

Challenges and Architectures of Machine Learning Services in Hybrid Cloud Environments
Thomas Schuster, April 2025

Abstract

Cloud-based Machine Learning (ML) services promise scalability and accessibility, but also raise challenges regarding data privacy and environmental sustainability. This talk explores architectural patterns and strategies for enabling privacy-preserving ML-as-a-Service (MLaaS). Key approaches include secure model execution within controlled environments, hybrid AI service architectures, and frameworks for benchmarking utility-privacy trade-offs.

Materials

Download Slides (PDF) Download Article (PDF)

Motivation and Context

With the increasing integration of AI services in enterprises, issues like sensitive data exposure, regulatory compliance (GDPR, AI Act), and cloud resource consumption gain importance.

Key Challenges:

  • Data Exposure: Compliance with GDPR & AI Act regarding sensitive data.
  • Resource Consumption: High computational demands raise sustainability concerns.
  • Need: Verifiable, privacy-preserving, and scalable architectures are required.

Architectural Patterns

A detailed open-source reference architecture for the privacy-compliant deployment of LLMs and LLM-based applications can be found in our publication: Privacy-Compliant LLM Deployment: An Open-Source Reference Architecture.

Key approaches discussed in this talk are:

  • Controlled Execution Environments: Utilizing private, community, public clouds, or on-premises infrastructure for tailored security and compliance.
  • Hybrid AI Services: Processing sensitive data locally while outsourcing compute-intensive tasks (like training or inference) to the cloud. This reduces data exposure and optimizes resource usage.
  • Benchmarking Utility vs. Privacy: Systematically evaluating the trade-offs between model performance (utility) and data protection (privacy).

Individualization in Closed LLM Systems

Tailoring LLMs within closed systems offers:

  • Competitive Advantage: Custom services can improve market position.
  • Efficiency Gains: Integration of domain-specific terminology and formats reduces manual post-processing.
  • Seamless IT Integration: Embedding custom data sources and algorithms allows differentiation.

Computational Challenges and Scalability

Running large models locally presents challenges:

  • Resource Requirements: High demand for specialized hardware (GPUs/TPUs).
  • Optimization Strategies: Techniques like Quantization, model compression, using Small Language Models (SLMs), and Parameter-Efficient Fine-Tuning (PEFT) are crucial.
  • Scalability: Limited elastic scaling compared to public clouds; requires strategies like caching and parallel processing.

Utility-Privacy Trade-Offs

Evaluating the robustness of LLMs and LLM-based Systems is important, especially regarding privacy.

Needle-in-the-Haystack Testing

  • Problem: Standard benchmarks often test retrieval capabilities, not complex reasoning over long contexts.
  • Goal: Evaluate how well models perform complex reasoning tasks when relevant information ('needle') is hidden within a large amount of irrelevant text ('haystack'). This simulates scenarios like checking compliance in long documents.
  • Research Questions:
    1. How do context length and the position of the 'needle' affect model performance?
    2. How do different LLMs compare on this reasoning task?

Experimental Setup

  • Task: Verify if product descriptions violate cease-and-desist declarations (a complex reasoning task).
  • Data: Synthetic dataset with varying context lengths (up to 32k tokens).
  • Models Tested: LLaMa 3.1 (70B & 8B), Qwen2.5 (72B), Mixtral (8x22B), Mistral Large 2, GPT-4o mini.
  • Metrics: Accuracy, Precision, Recall, F1-score (macro and weighted).

Key Results

  • Performance (Accuracy) generally drops significantly when context exceeds ~2000 tokens.
  • Models struggle more when the 'needle' is placed in the middle of the context compared to the beginning or end.
  • Mistral Large 2 showed the most robust performance across different context lengths.
  • Conclusion: Current LLMs face challenges with reasoning over extended contexts. Architectural and model improvements are needed.
  • Detailed Results: LLM Needle Testing Website

Evaluation Pipeline Concept

A systematic pipeline for the quantitative assessment of privacy and utility across different MLaaS architectures is beneficial. Such a pipeline enables:

  • Modularity & Comparability: Evaluate and compare specific components or configurations systematically.
  • Automation & Scalability: Support automated testing and larger experimental setups.
  • Traceability & Debugging: Improve understanding of processes and identify areas for enhancement (e.g., using logs from tools like Langfuse or Prefect).

This facilitates integrating privacy and utility benchmarking directly into development and deployment workflows, also supporting a "Privacy-by-Design" approach.

Conclusion

  • Closed, privacy-compliant LLM architectures can enable sustainable and verifiable AI services.
  • Hybrid approaches (local processing + cloud compute) offer a balance between scalability, privacy, and control.
  • Systematic benchmarking of utility-privacy trade-offs is crucial for informed architectural decisions.
  • Robustness against information leakage and confabulation (hallucination) remains a key challenge, particularly in long-context reasoning tasks.

Research Agenda and Outlook

Future research directions aligned with the professorship:

  • Extending Evaluation:
    • Investigating reasoning failures more deeply across models and architectures.
    • Benchmarking memorization risks using tasks like 'Needle-in-the-Haystack'.
    • Integrating benchmarking pipelines into development workflows for 'Privacy-by-Design'.
  • Privacy and Compliance Validation (AI Act Readiness):
    • Developing automated tools for evaluating compliance of NLP/LLM/Agent applications.
    • Automating actions and recommendations based on compliance assessments (extending maturity assessment).
  • Energy efficiency and transparency of cloud-based AI.
  • Developer tooling for privacy by design.

This talk contributes to the discussion on how to build responsible, scalable, and verifiable AI services in the cloud.