A Survey on Privacy Risks and Protection in Large Language Models

Date: 2025-05-04
Citations: 0
Influential citations: 0

AI Summary
This paper systematically uncovers privacy leakage mechanisms of large language models (LLMs) in training data extraction, membership inference, and model inversion. It introduces the first holistic analytical framework integrating multi-dimensional attack paradigms with cross-layer defense strategies. Methodologically, it unifies federated learning, confidential computing, backdoor mitigation, and inference-time detection to establish a structured risk taxonomy and an evaluation benchmark for defense efficacy. Key contributions are: (1) the first three-dimensional analytical model spanning risk mechanisms, defense techniques, and governance pathways; (2) identification of three emerging research directions—privacy risk assessment, secure knowledge transfer, and privacy-governance intersection; and (3) theoretical foundations and actionable guidelines for trustworthy deployment and regulatory compliance of LLMs.

Abstract
Although Large Language Models (LLMs) have become increasingly integral to diverse applications, their capabilities raise significant privacy concerns. This survey offers a comprehensive overview of privacy risks associated with LLMs and examines current solutions to mitigate these challenges. First, we analyze privacy leakage and attacks in LLMs, focusing on how these models unintentionally expose sensitive information through techniques such as model inversion, training data extraction, and membership inference. We investigate the mechanisms of privacy leakage, including the unauthorized extraction of training data and the potential exploitation of these vulnerabilities by malicious actors. Next, we review existing privacy protections against such risks, such as inference detection, federated learning, backdoor mitigation, and confidential computing, and assess their effectiveness in preventing privacy leakage. Furthermore, we highlight key practical challenges and propose future research directions to develop secure and privacy-preserving LLMs, emphasizing privacy risk assessment, secure knowledge transfer between models, and interdisciplinary frameworks for privacy governance. Ultimately, this survey aims to establish a roadmap for addressing escalating privacy challenges in the LLM domain.
Problem

Research questions and friction points this paper is trying to address.

Analyzing privacy leakage risks in LLMs from attacks like data extraction.
Reviewing protection methods such as federated learning and confidential computing.
Proposing future research directions for secure, privacy-preserving LLMs.
Innovation

Methods, ideas, or system contributions that make the work stand out.

Analyzing privacy leakage and attacks in LLMs
Reviewing privacy protection techniques like federated learning
Proposing future research for secure privacy-preserving LLMs
Authors

Kang Chen
School of Computer Engineering, Jimei University, Xiamen, 361021, China; College of Science, Mathematics and Technology, Wenzhou-Kean University, Wenzhou, 325060, China

Xiuze Zhou
The Hong Kong University of Science and Technology (Guangzhou)
Machine Learning, Recommendation Systems, Large Language Models

Yuanguo Lin
School of Computer Engineering, Jimei University, Xiamen, 361021, China

Shibo Feng
Nanyang Technological University
Time Series, Reinforcement Learning, Large Language Model

Li Shen
School of Professional Studies, New York University, New York, 10003, United States

Pengcheng Wu
Volvo Cars / KTH Royal Institute of Technology
Motion planning and control of robotics, state estimation and uncertainty quantification, safety