To mitigate privacy breaches and copyright violations arising from unauthorized web crawling and memorization of sensitive web content during large language model (LLM) training, this paper proposes ExpShield—a proactive, self-defense mechanism for web text. ExpShield embeds human-imperceptible, targeted textual perturbations that preserve readability while enhancing robustness against model memorization. Its key contributions are: (1) the first perturbation strategy guided by memory-triggering point identification; (2) a novel metric, “instance-level abuse risk,” quantifying the likelihood of individual data being misused; and (3) a pre-training, owner-centric defense paradigm requiring no third-party involvement or infrastructure modification. Experiments demonstrate that ExpShield reduces the area under the ROC curve (AUC) of membership inference attacks from 0.95 to 0.55—near random guessing—and drives instance-level abuse risk to near zero, effectively preventing individual data leakage during LLM training.

As large language models (LLMs) increasingly depend on web-scraped datasets, concerns over unauthorized use of copyrighted or personal content for training have intensified. Despite regulations such as the General Data Protection Regulation (GDPR), data owners still have limited control over the use of their content in model training. To address this, we propose ExpShield, a proactive self-guard mechanism that empowers content owners to embed invisible perturbations into their text, limiting data misuse in LLMs training without affecting readability. This preemptive approach enables data owners to protect sensitive content directly, without relying on a third-party to perform defense. Starting from the random perturbation, we demonstrate the rationale for using perturbation to conceal protected content. We further enhance the efficiency by identifying memorization triggers and creating pitfalls to diverge the model memorization in a more focused way. To validate our defense's effectiveness, we propose a novel metric of instance exploitation which captures the individual risk raised by model training. The experimental results validate the effectiveness of our approach as the MIA AUC decreases from 0.95 to 0.55, and instance exploitation approaches zero. This suggests that the individual risk does not increase after training, underscoring the significance of proactive defenses in protecting copyrighted data.