PrivSV: Differentially Private Steering Vector for Large Language Models

Authors

  • Haocheng Yang State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, China
  • Xiang Cheng State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, China
  • Chenhao Sun State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, China
  • Pengfei Zhang State Key Laboratory of Digital Intelligent Technology for Unmanned Coal Mining, the School of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, China
  • Sen Su State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, China

DOI:

https://doi.org/10.1609/aaai.v40i40.40720

Abstract

Steering vectors (SVs) are a powerful technique for controlling large language models (LLMs) by manipulating their activations without altering model weights. However, when an SV is constructed from sensitive data it poses significant privacy risks, since it may leak private information. Existing differential privacy (DP) techniques for constructing SVs cannot be applied directly to training-based SV construction paradigms, which offer higher task performance. In this work, we present **PrivSV**, a general privacy-preserving approach for constructing SVs with DP guarantees, compatible with arbitrary SV construction paradigms while maintaining high utility. In PrivSV, we propose three novel methods: a Layer-wise Noise-Resilient Reduction (LNR²) method to reduce the noise injected into high-dimensional SVs; a Directional Prior Compensation (DPC) method to recover the utility degraded by noise perturbation; and a Privacy-Aware Optimal Parameter Determination (POPD) method to adaptively maximize the performance of the final compensated SV. Extensive experiments on open-source LLMs of different families (LLaMA, Qwen, Mistral and Gemma) demonstrate that PrivSV outperforms several existing techniques across various privacy budgets.
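The abstract contrasts PrivSV with existing DP constructions and singles out noise in high-dimensional SVs as the core obstacle. The block below is an added illustration, not the authors' code and not an implementation of LNR², DPC or POPD: it builds the simplest SV (mean activation on positive examples minus mean on negative examples), privatises it with per-example L2 clipping plus the Gaussian mechanism, and measures how the cosine similarity between the private and non-private SV collapses as the hidden dimension grows at a fixed privacy budget. The activations are synthetic and constructed in-line; the clipping bound, budget and sensitivity derivation are this example's own assumptions.

```python
"""Differentially private mean-difference steering vector (added example).

Baseline DP construction, not PrivSV: clip each example's activation,
take the difference of means, add Gaussian noise calibrated to the L2
sensitivity. Also shows why high-dimensional SVs are hard to privatise:
at fixed (epsilon, delta) the noise norm grows like sqrt(d) and swamps
the steering direction. All activations here are synthetic.
"""
import numpy as np


def clip_rows(x: np.ndarray, clip: float) -> np.ndarray:
    """Scale each row (one example's activation) to L2 norm <= clip."""
    norms = np.linalg.norm(x, axis=1, keepdims=True)
    return x * np.minimum(1.0, clip / np.maximum(norms, 1e-12))


def mean_difference_sv(pos: np.ndarray, neg: np.ndarray) -> np.ndarray:
    """Non-private SV: mean activation on positives minus mean on negatives."""
    return pos.mean(axis=0) - neg.mean(axis=0)


def gaussian_sigma(epsilon: float, delta: float, sensitivity: float) -> float:
    """Noise scale of the classic Gaussian mechanism (Dwork & Roth, Thm A.1).

    The bound is only proven for 0 < epsilon < 1; for larger budgets use the
    analytic Gaussian mechanism rather than extrapolating this formula.
    """
    if not 0.0 < epsilon < 1.0:
        raise ValueError("classic Gaussian-mechanism bound needs 0 < epsilon < 1")
    return float(np.sqrt(2.0 * np.log(1.25 / delta)) * sensitivity / epsilon)


def dp_mean_difference_sv(pos, neg, clip, epsilon, delta, rng):
    """(epsilon, delta)-DP SV under replace-one adjacency of a single example.

    After clipping, swapping one example moves its set's mean by at most
    2*clip/n in L2, so the sensitivity of the difference of means is
    2*clip/min(n_pos, n_neg) (assumed adjacency notion for this example).
    """
    pos_c, neg_c = clip_rows(pos, clip), clip_rows(neg, clip)
    sensitivity = 2.0 * clip / min(len(pos_c), len(neg_c))
    sigma = gaussian_sigma(epsilon, delta, sensitivity)
    sv = mean_difference_sv(pos_c, neg_c)
    return sv + rng.normal(0.0, sigma, size=sv.shape)


def steer(activations: np.ndarray, sv: np.ndarray, alpha: float) -> np.ndarray:
    """Activation steering: add alpha * sv to every residual-stream vector."""
    return activations + alpha * sv


def cosine(a: np.ndarray, b: np.ndarray) -> float:
    return float(a @ b / (np.linalg.norm(a) * np.linalg.norm(b)))


def synthetic_activations(d: int, n: int, rng):
    """Constructed data: positives share one unit 'concept' direction."""
    direction = rng.normal(size=d)
    direction /= np.linalg.norm(direction)
    pos = direction + 0.02 * rng.normal(size=(n, d))
    neg = 0.02 * rng.normal(size=(n, d))
    return pos, neg


def noise_vs_dimension(d, seed=0, n=200, clip=1.0, epsilon=0.5, delta=1e-5):
    """Cosine similarity between the DP SV and the clipped non-private SV."""
    rng = np.random.default_rng(seed)
    pos, neg = synthetic_activations(d, n, rng)
    clean = mean_difference_sv(clip_rows(pos, clip), clip_rows(neg, clip))
    private = dp_mean_difference_sv(pos, neg, clip, epsilon, delta, rng)
    return cosine(clean, private)


if __name__ == "__main__":
    for d in (16, 256, 4096):
        print(f"d={d:5d}  cos(clean SV, DP SV) = {noise_vs_dimension(d):.3f}")
```

With n = 200 examples per class, clip 1.0 and (epsilon, delta) = (0.5, 1e-5), the noise standard deviation per coordinate is about 0.097, so the noise vector's norm is roughly 0.4 at d = 16 but above 3 at d = 1024, while the signal direction has norm at most 1. That is the regime in which a naive DP SV stops steering anything and where a dimension-reducing step such as the abstract's LNR² has to act.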

Published

2026-03-14

How to Cite

Yang, H., Cheng, X., Sun, C., Zhang, P., & Su, S. (2026). PrivSV: Differentially Private Steering Vector for Large Language Models. Proceedings of the AAAI Conference on Artificial Intelligence, 40(40), 34241–34249. https://doi.org/10.1609/aaai.v40i40.40720

Section

AAAI Technical Track on Natural Language Processing V