This work investigates the fundamental statistical limits of membership inference attacks (MIAs) in machine learning. Focusing on nonlinear regression and overfitting regimes, it establishes the first theoretical characterization—grounded in statistical inference and information theory—of the core statistical quantity governing MIA success, and derives tight upper and lower bounds on the attack’s success probability. Key contributions are: (1) revealing that MIA efficacy is fundamentally constrained by a diversity constant intrinsic to the underlying data distribution; (2) proving that input discretization substantially degrades MIA advantage, with the resulting privacy gain quantitatively governed by this same diversity constant; and (3) rigorously validating these findings via both theoretical analysis and extensive simulations, thereby providing an interpretable, quantifiable statistical foundation for privacy risk assessment and defense design.

Membership inference attacks (MIA) can reveal whether a particular data point was part of the training dataset, potentially exposing sensitive information about individuals. This article provides theoretical guarantees by exploring the fundamental statistical limitations associated with MIAs on machine learning models at large. More precisely, we first derive the statistical quantity that governs the effectiveness and success of such attacks. We then theoretically prove that in a non-linear regression setting with overfitting learning procedures, attacks may have a high probability of success. Finally, we investigate several situations for which we provide bounds on this quantity of interest. Interestingly, our findings indicate that discretizing the data might enhance the learning procedure's security. Specifically, it is demonstrated to be limited by a constant, which quantifies the diversity of the underlying data distribution. We illustrate those results through simple simulations.