Gradient Inversion of Multimodal Models

Abstract

Federated learning (FL) enables privacy-preserving distributed machine learning by sharing gradients instead of raw data. However, FL remains vulnerable to gradient inversion attacks, in which shared gradients can reveal sensitive training data. Prior research has mainly concentrated on unimodal tasks, particularly image classification, examining the reconstruction of single-modality data, and analyzing privacy vulnerabilities in these relatively simple scenarios. As multimodal models are increasingly used to address complex vision-language tasks, it becomes essential to assess the privacy risks inherent in these architectures. In this paper, we explore gradient inversion attacks targeting multimodal vision-language Document Visual Question Answering (DQA) models and propose GI-DQA, a novel method that reconstructs private document content from gradients. Through extensive evaluation on state-of-the-art DQA models, our approach exposes critical privacy vulnerabilities and highlights the urgent need for robust defenses to secure multimodal FL systems.

Cite

Text

Hemo et al. "Gradient Inversion of Multimodal Models." Proceedings of the 42nd International Conference on Machine Learning, 2025.

BibTeX

@inproceedings{hemo2025icml-gradient,
  title     = {{Gradient Inversion of Multimodal Models}},
  author    = {Hemo, Omri Ben and Zolfi, Alon and Yehezkel, Oryan and Hofman, Omer and Vainshtein, Roman and Kojima, Hisashi and Elovici, Yuval and Shabtai, Asaf},
  booktitle = {Proceedings of the 42nd International Conference on Machine Learning},
  year      = {2025},
  pages     = {22988-23004},
  volume    = {267},
  url       = {https://mlanthology.org/icml/2025/hemo2025icml-gradient/}
}