惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
W
WeLiveSecurity
Cyberwarzone
Cyberwarzone
H
Help Net Security
Spread Privacy
Spread Privacy
Jina AI
Jina AI
G
GRAHAM CLULEY
Project Zero
Project Zero
aimingoo的专栏
aimingoo的专栏
P
Palo Alto Networks Blog
云风的 BLOG
云风的 BLOG
B
Blog RSS Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
A
Arctic Wolf
L
LangChain Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
人人都是产品经理
人人都是产品经理
罗磊的独立博客
量子位
Microsoft Security Blog
Microsoft Security Blog
The Register - Security
The Register - Security
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
G
Google Developers Blog
小众软件
小众软件
Vercel News
Vercel News
V
Visual Studio Blog
IT之家
IT之家
C
Cisco Blogs
博客园 - 聂微东
Cisco Talos Blog
Cisco Talos Blog
Help Net Security
Help Net Security
S
Schneier on Security
PCI Perspectives
PCI Perspectives
C
Check Point Blog
V
Vulnerabilities – Threatpost
J
Java Code Geeks
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
GbyAI
GbyAI
N
News and Events Feed by Topic
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
SecWiki News
SecWiki News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tenable Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future

The Register

Grafana offers AI assistant for free, warns users not to go mad Right to repair champ Framework punts modular 13in laptop with Core Ultra Series 3 Scotland Yard can keep using live facial recognition on Londoners, say judges UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide Phone-to-satellite use goes into orbit, growing 25% in 8 months macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Anthropic bakes memory fixes into Bun 1.1.13 as developers complain of leaks The spaghettified DBMS chart that shows Oracle's crown is slowly slipping Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords FAA grounds Blue Origin's New Glenn as it probes missed satellite delivery 'mishap' AMD's Ryzen 9 9950X3D2 Dual Edition tested: Gratuitous overkill with a price to match AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters England's school phone ban gets teeth, just in time to bite no one Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war NASA Inspector fears new spacesuits won’t be ready for Moon landing Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Trump-branded datacenter project fails to make itself great, again World's blandest man steps down from CEO job to spend more time in tastefully appointed home Chase got a spiff of $77 million to create one job with New York datacenter Scot becomes second Scattered Spider-linked crook to plead guilty in US You too can build a nuclear battery from junk you have lying around the house Schmoozebots: study finds flattery will get AI everywhere One of Europe's sovereign cloud picks may not be so-sovereign after all New Android development tool designed for robots, not humans AI is reshaping Britain's datacenter map away from London HP's remote desktop push retreats as Anyware heads for end of life 'Invisible mouse' made a mess of PC rebuild NASA working on ‘Big Bang’ upgrade to keep the Voyagers alive for longer Indonesia’s game rating system paused amid claims it leaked developer creds and glimpses of major new titles Just like phishing for gullible humans, prompt injecting AIs is here to stay Atlassian’s new data collection policy protects rich customers while AI eats the rest Intel eases reliance on TSMC with 'Merica-made Core Series 3 processors NASA gets the ball rolling on its part in Europe's jinxed Mars rover mission Attention data hoarders: Alexa loses its Plex appeal as voice feature gets canned Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Would you like fries with that terminal? Capita won disastrous UK pensions gig after acing performance checks NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes Maine to pause big bit barns as local opposition spreads If you want into Anthropic's Claude club, you may have to show ID DuckDB uses RDBMS to tackle lakehouse 'small changes' issue Iran has something America can only dream of: cheap broadband Brussels tells Google to hand rivals its search crown jewels as privacy row brews Visual Studio 18.5 lands with AI debugging at a price Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Obsolete Google nag drowns out vital bar information at Swedish concert hall Cops hand Motorola £25M to keep 2000-era radios alive Server-room lock was nothing but a crock QUIC will soon be as important as TCP – but it's vastly different Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Allbirds shoe company moving to AI infra is the top 20-year-old Enlightenment E16 bug finally gets patched Bad teacher bots can leave hidden marks on model students Autovista blames ransomware for service disruption Networks not ready for the challenges of AI traffic Windows takes a crash dump after one McDonald's too many French cops free mother and son after crypto kidnapping US states can't account for datacenter tax breaks. Literally Salesforce debuts Headless 360 agentic platform Fission impossible: Uncle Sam wants nuclear power in space UK told its Big Tech habit is now a national security risk UKAEA lays out roadmap to take Britain closer to fusion Waymo's self-driving cars face their toughest test yet: London The only technology that died more times than VR is AI, and that seems to have worked out Boeing soars past Airbus for the first time in years Commvault has a Ctrl+Z for rogue AI agents Nvidia slaps forehead: AI, that's what quantum needs! Oracle taps Bloom for fuel cells to support datacenter binge GitHub recalls Phabricator with preview of Stacked PRs Physicist proposes two-button calculator Amazon pays $11.5B to satisfy satellite-envy while cowering in Musk's shadow No honor among thieves as 0APT threatens rival ransomware gang Krybit NASA insiders oddly relaxed about latest budget threats Microsoft raises UK Surface prices as RAM crisis reaches the checkout OpenAI CEO Sam Altman home attack suspect charged Microsoft kills off Outlook Lite as memory costs skyrocket UK state bank considers lengthening disastrous IT program Japan going back to the future by reviving its chip industry Windows Update: Torture chamber for seldom-used PCs Japanese rocket came unglued, causing mission fail Here's how to watch the Artemis II splashdown Britain's biggest nuclear site skips competition, hands SAP £33M to start ERP switch Tech support chap's boss got him out of jail so he could finish a job World's smallest violin spotted at Amazon HQ as exec pay packets deflate Deere oh Deere: Tractor repair row heads for $99M settlement Spark creator bags computing gong for making big data a little bit smaller Microsoft locks out VeraCrypt and WireGuard devs, blames verification process Peace President's Iran war piles more pain on already battered PC market Amazon put a filesystem on S3; I showed up with a test suite and bad intentions UK to spend £15M on AI-powered crime mapping in knife violence crackdown DARPA looking for battery that could power a laptop for months Call your existing automation ‘zero-token architecture’ to become an instant agentic AI wiz
Medical diagnosis AIs can be tricked into telling whose data trained them
Brandon Vigliarolo · 2026-06-24 · via The Register

ai + ml

Did you read all the documents you signed last time you had a medical test?

AI models used to help diagnose medical conditions have a problem: They’re ready and willing to identify patients whose data was used to train them.

German researchers reported in a Nature paper published Wednesday that discriminative AI models - those used to classify data and make predictions about new inputs based on their training sets - are particularly susceptible to membership inference attacks (MIAs) that query the models in an attempt to figure out whether a particular datapoint is included in their training sets. 

What that means for medical AI models is that any patient whose data is used to educate the bot could be exposed, leading to details about their medical history and diagnoses being leaked. In an analysis of seven medical AI datasets consisting of images, ECG records, and general electronic health records, the team determined that individual patients targeted by such attacks can be identified with “near-perfect attack success,” which they explain flies in the face of how such models are evaluated for safety. 

“The fact that MIAs can achieve near-perfect success rates for individual patients is not adequately captured by the standard evaluation protocol, which measures attack success in aggregate across records,” the researchers said. Based on their findings, they conclude, reporting standards for AI privacy audits need to change. 

It gets worse, too: Patients in the dataset are generally easy to identify and, unsurprisingly, those underrepresented in medical AI training data are even easier to finger than those whose data doesn’t stand out. 

Underrepresented groups can include those in a number of sensitive categories: Race, insurance status, sex, the protocol used to conduct medical imaging, and certain disease statuses can all function as outliers that make it easier to identify individuals. 

“Generally speaking, privacy risks from MIAs become more severe as a model’s training cohort becomes more specific,” Technical University of Munich AI in Healthcare and Medicine chair and paper lead author Moritz Knolle told The Register in an email conversation. “You could imagine … scenarios where membership in a training dataset reveals that someone has a dormant genetic condition such as Huntington's disease, depression, or attended a specific, specialised treatment clinic.” 

In other words, exposing healthcare AI training data could be used to identify those with sensitive health conditions, spill secrets they may not want public, or otherwise fuel discrimination. 

To make things even worse again, the larger the dataset, the easier it is to expose records, and “the magnitude of this change in patient-level risk was previously unknown” in larger models. 

The privacy devil in the data details

This is bad and all, but it’s not necessarily the end of the world, as performing an MIA attack on a medical AI model supposes the attacker already has a few things at their disposal, namely at least some medical data belonging to the people they want to identify. 

“To conduct a MIA an attacker needs access to a target data point,” Knolle confirmed to us while also noting that their paper revealed access to a full patient data point isn’t needed, in contrast to what was previously believed. “In our paper we show that an attacker with partial access can still successafully conduct MIAs.” 

The MIA attack itself, as detailed in the paper, relies on medical AIs being more certain of their predictions if the input data is already part of their training set. A potential attacker, then, simply peppers an AI model with obtained patient data, checks the confidence level, and surmises that said patient is part of the training data. 

“An attacker conducting a MIA does not need to know who the data belongs to that they are trying to conduct the MIA with,” Knolle explained. “In fact, all the dataset we use in our study were anonymized.”

Anonymized in the datasets, but not the target data, that is. As explained in the paper their MIA attacks were largely error-free at the individual patient level, meaning confidence levels are an accurate way to figure out if a particular patient's data is part of a training set. 

“The attacker would simply need access to someone’s blood test results, or part of these results” in order to infer inclusion, Knolle said. 

Of course, they have to get that data first, but given how frequently healthcare data is exposed in breaches, it’s not exactly hard to imagine a bad actor getting ahold of something they can use.  

“Given that medical data is not always securely stored it is not unthinkable that an attacker could get access, for example, by gaining unauthorized access to the database of your general practitioner after they performed a routine blood test,” Knolle said. 

How to protect patient data?

Asked what he hopes this research accomplishes, Knolle told us he just wants the medical world to understand that AI training data needs to be better secured. 

“I hope that the medical AI community will start to take privacy risks seriously and that risk mitigation techniques are used in situations where they are necessary,” Knolle said. 

The researchers make several recommendations for how to do this, like through the use of differential privacy frameworks that are designed to mathematically guarantee training data remains anonymous - a key consideration if medical AI firms want patients to trust them with their data. 

As mentioned above, the team also wants to see privacy audit standards change to consider individual-level data, not just aggregate privacy risks. Alternatively, medical AI training data could just be compiled so that underrepresented groups are better represented, Knolle said. 

“There are many situations where a successful MIA represents a small or negligible privacy violation,” Knolle noted. “These are situations where AI models are trained on large, general populations in which both healthy and diseased individuals are represented in sufficient numbers.”

Representation, in other words, definitely matters when it comes to keeping patient data private. ®