Advancing the State-of-the-Art in Empirical Privacy Auditing

📅 2026-06-09
🤖 AI Summary
This work addresses the risk of privacy leakage in large language models due to excessive memorization of training samples during parameter-efficient fine-tuning. To mitigate this, the authors propose a privacy auditing framework that leverages high-temperature sampling to generate interpretable, non-private, and reproducibly insertable synthetic “canary” samples, complemented by an auxiliary model auditing mechanism tailored for synthetic data. By employing membership inference and reconstruction attacks, the method precisely quantifies model memorization behavior and systematically reveals the interplay between model capacity and canary entropy in driving memorization. This approach substantially enhances the rigor and practicality of privacy auditing and establishes a novel paradigm for evaluating privacy leakage specifically in the context of synthetic data.
πŸ“ Abstract
Parameter-efficient fine-tuning of large language models (LLMs) can exhibit problematic memorization of individual training examples. Empirical privacy auditing (EPA) quantifies this risk by measuring realistic data leakage on membership inference (MI) or reconstruction attacks. A key challenge in EPA is designing ``canary'' examples that are mixed with the privacy-sensitive training data. We propose generating synthetic canaries via high-temperature sampling ($T \geq 0.8$) from LLMs, using prompts tailored to the privacy-sensitive training data. These canaries act as high-influence outliers, ensuring high identifiability and hence strong audits. Further, since the canaries are themselves non-private, they are inspectable and can be inserted with repetition without jeopardizing the privacy of the real data. An important use of models fine-tuned on privacy-sensitive data is the generation of synthetic data. This also comes with privacy risk. We introduce a powerful synthetic data audit based on fine-tuning an auxiliary model on the synthetic data. Auditing the auxiliary model for the original canaries then provides a strong estimate of the privacy leakage through the synthetic data. Finally, leveraging our strong auditing methodologies, we perform a systematic investigation into the interacting effects of model capacity and canary entropy on memorization.
Problem

Research questions and friction points this paper is trying to address.

empirical privacy auditing
membership inference
data leakage
synthetic data
memorization
Innovation

Methods, ideas, or system contributions that make the work stand out.

empirical privacy auditing
synthetic canaries
high-temperature sampling
membership inference
synthetic data privacy