ORNL Research Boosts Privacy, Security in Federated AI

EnterpriseAI, Apr 29, 2026

Why It Matters

By reconciling heterogeneous privacy policies and safeguarding model ownership, these techniques unlock secure, collaborative AI across labs, accelerating research in energy, national security, and healthcare.

Key Takeaways

  • GDPFed groups participants, reducing noise for relaxed‑privacy clients
  • GDPFed+ adds sparsification and optimal sampling for higher accuracy
  • TraMark embeds invisible watermarks, enabling source identification of leaked models
  • Techniques are domain‑agnostic and scale to large scientific federations
  • Open‑source releases lower adoption barriers for federated learning

Pulse Analysis

Federated learning has emerged as a cornerstone for collaborative AI when data cannot be moved, but the promise of privacy often collides with practical constraints. Traditional approaches enforce the strictest privacy level across all participants, injecting uniform noise that can cripple model performance. This tension is especially acute in scientific domains—energy research, national‑security simulations, and health data—where partners operate under divergent regulatory regimes and data‑sensitivity thresholds. The new ORNL‑Argonne framework directly addresses this gap by allowing each participant to align with its own privacy posture, preserving the utility of shared models while respecting institutional mandates.

The first breakthrough, GDPFed, introduces a group‑based differential privacy scheme that clusters collaborators according to their privacy requirements. By applying client‑level privacy at the group tier, the method trims unnecessary noise for entities with more permissive policies, delivering sharper predictive accuracy. GDPFed+ builds on this foundation with model sparsification—pruning insignificant parameters—and mathematically optimal client sampling, which dictates how often each group contributes to training. Empirical results across image, text, and scientific datasets show consistent accuracy gains over legacy privacy‑preserving algorithms, positioning the approach as a viable production‑grade solution for large‑scale federations.
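The grouping-and-noise idea described above, as an added illustration that is not ORNL's GDPFed code: clients are clustered by their privacy budget, each client's update is clipped, and the Gaussian noise for client-level differential privacy is calibrated per group rather than to the strictest budget for everyone. The epsilon-to-sigma formula is the classic Gaussian-mechanism bound (an approximation valid for epsilon below 1), the client names and updates are constructed, and the GDPFed+ sparsification and sampling steps are not shown.

```python
import math
import random
from collections import defaultdict

# Constructed toy federation: each client has a privacy budget (eps) and a
# short model update. The grouping key here is simply the client's eps.
CLIENTS = {
    "lab_a": {"eps": 0.2, "update": [0.9, -0.4, 0.3]},   # strict policy
    "lab_b": {"eps": 0.2, "update": [0.7, -0.5, 0.2]},
    "lab_c": {"eps": 0.8, "update": [1.2, -0.1, 0.6]},   # relaxed policy
    "lab_d": {"eps": 0.8, "update": [1.0, -0.2, 0.4]},
}

def clip(update, clip_norm):
    """Bound one client's influence: scale the update to L2 norm <= clip_norm."""
    norm = math.sqrt(sum(x * x for x in update))
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in update]

def noise_std(eps, delta, clip_norm):
    """Gaussian-mechanism std for client-level DP (classic bound, assumes eps < 1)."""
    return clip_norm * math.sqrt(2 * math.log(1.25 / delta)) / eps

def group_clients(clients):
    """Cluster participants by privacy requirement (the grouping step)."""
    groups = defaultdict(list)
    for name, c in clients.items():
        groups[c["eps"]].append(name)
    return dict(groups)

def aggregate(clients, clip_norm=1.0, delta=1e-5, uniform=False, rng=None):
    """Average clipped updates; noise is per group, or strictest-for-all if uniform."""
    if rng is None:
        rng = random.Random(0)
    dim = len(next(iter(clients.values()))["update"])
    strictest = min(c["eps"] for c in clients.values())
    total = [0.0] * dim
    for eps, members in group_clients(clients).items():
        # Relaxed groups get less noise; the uniform baseline ignores that.
        std = noise_std(strictest if uniform else eps, delta, clip_norm)
        group_sum = [0.0] * dim
        for name in members:
            for i, x in enumerate(clip(clients[name]["update"], clip_norm)):
                group_sum[i] += x
        for i in range(dim):
            total[i] += group_sum[i] + rng.gauss(0.0, std)
    return [t / len(clients) for t in total]
```

Calling `aggregate(CLIENTS)` and `aggregate(CLIENTS, uniform=True)` with the same seed shows how much extra noise the strictest-for-all baseline injects into the relaxed group's contribution.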

Complementing data protection, the TraMark watermarking system secures the post‑training artifact. Unlike prior techniques that require direct model access, TraMark embeds a tiny, invisible watermark on the server side, uniquely tagging each participant’s contribution. The watermark survives typical API‑only deployments and enables rapid forensic tracing when a model is leaked or misused, preserving intellectual‑property rights without sacrificing performance. Together, GDPFed/GDPFed+ and TraMark form a defense‑in‑depth stack that tackles both data confidentiality and model accountability, a combination poised to accelerate cross‑institutional AI initiatives across the DOE’s research portfolio and beyond.
