Saved in:
Bibliographic Details
Main Authors: Wang, Yubo, Tang, Min, Shen, Nuo, Cui, Shujie, Wang, Weiqing
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.03703
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908534387507200
author Wang, Yubo
Tang, Min
Shen, Nuo
Cui, Shujie
Wang, Weiqing
author_facet Wang, Yubo
Tang, Min
Shen, Nuo
Cui, Shujie
Wang, Weiqing
contents The large language model (LLM) powered recommendation paradigm has been proposed to address the limitations of traditional recommender systems, which often struggle to handle cold start users or items with new IDs. Despite its effectiveness, this study uncovers that LLM empowered recommender systems are vulnerable to reconstruction attacks that can expose both system and user privacy. To examine this threat, we present the first systematic study on inversion attacks targeting LLM empowered recommender systems, where adversaries attempt to reconstruct original prompts that contain personal preferences, interaction histories, and demographic attributes by exploiting the output logits of recommendation models. We reproduce the vec2text framework and optimize it using our proposed method called Similarity Guided Refinement, enabling more accurate reconstruction of textual prompts from model generated logits. Extensive experiments across two domains (movies and books) and two representative LLM based recommendation models demonstrate that our method achieves high fidelity reconstructions. Specifically, we can recover nearly 65 percent of the user interacted items and correctly infer age and gender in 87 percent of the cases. The experiments also reveal that privacy leakage is largely insensitive to the victim model's performance but highly dependent on domain consistency and prompt complexity. These findings expose critical privacy vulnerabilities in LLM empowered recommender systems.
format Preprint
id arxiv_https___arxiv_org_abs_2508_03703
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Privacy Risks of LLM-Empowered Recommender Systems: An Inversion Attack Perspective
Wang, Yubo
Tang, Min
Shen, Nuo
Cui, Shujie
Wang, Weiqing
Information Retrieval
Artificial Intelligence
The large language model (LLM) powered recommendation paradigm has been proposed to address the limitations of traditional recommender systems, which often struggle to handle cold start users or items with new IDs. Despite its effectiveness, this study uncovers that LLM empowered recommender systems are vulnerable to reconstruction attacks that can expose both system and user privacy. To examine this threat, we present the first systematic study on inversion attacks targeting LLM empowered recommender systems, where adversaries attempt to reconstruct original prompts that contain personal preferences, interaction histories, and demographic attributes by exploiting the output logits of recommendation models. We reproduce the vec2text framework and optimize it using our proposed method called Similarity Guided Refinement, enabling more accurate reconstruction of textual prompts from model generated logits. Extensive experiments across two domains (movies and books) and two representative LLM based recommendation models demonstrate that our method achieves high fidelity reconstructions. Specifically, we can recover nearly 65 percent of the user interacted items and correctly infer age and gender in 87 percent of the cases. The experiments also reveal that privacy leakage is largely insensitive to the victim model's performance but highly dependent on domain consistency and prompt complexity. These findings expose critical privacy vulnerabilities in LLM empowered recommender systems.
title Privacy Risks of LLM-Empowered Recommender Systems: An Inversion Attack Perspective
topic Information Retrieval
Artificial Intelligence
url https://arxiv.org/abs/2508.03703