Faster AI systems that are also privacy-preserving—award for research on optimizing privacy in deep learning
AI systems can have leaky and corruptible memories. Numerous examples in the media and the scientific literature have shown that information from an AI model’s training data can resurface through simple hacks, or even unprompted. Privacy in AI training is a major research focus, not just for keeping corporate secrets secret, but also for preserving anonymity when AI systems are trained on sensitive medical data, for example. Privacy, however, comes at a cost: ensuring that AI models ‘forget’ or mask training data can be slow and inefficient, especially for large datasets and models.
Now, researchers in Antti Honkela’s group at the University of Helsinki and the Finnish Center for Artificial Intelligence FCAI, along with collaborators at NVIDIA, have analyzed the computational cost of training deep learning models under differential privacy. Their approach won the Best Paper award at the IEEE Conference on Secure and Trustworthy Machine Learning in March 2026.
Differential privacy is a tech-industry standard that gives a mathematical guarantee of privacy while still allowing limited information about the training data to be accessible. Doctoral researcher Sebastian Rodriguez says the team managed to ensure differential privacy while making training faster and more memory-efficient for computer vision models. The models were trained on supercomputers at Finland’s CSC – IT Center for Science.
The result helps make privacy-preserving machine learning more widely and easily usable. “Our work provides a practical guideline for AI engineers on how to optimize the use of their computational resources, enabling them to achieve the best results on their available hardware,” says Rodriguez. “Our method can perform twice as fast as the baselines from standard libraries like Opacus and is more generalizable than other efficient methods.”
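To illustrate what libraries like Opacus do under the hood, here is a minimal NumPy sketch of one step of differentially private SGD: each example’s gradient is clipped to bound its influence, the clipped gradients are summed, and calibrated Gaussian noise is added before the update. The function name, the toy linear model, and all parameter values are illustrative assumptions, not the method described in the paper.

```python
import numpy as np

def dp_sgd_step(w, X, y, lr=0.1, clip=1.0, noise_mult=1.0, rng=None):
    """One DP-SGD step on a toy linear least-squares model (illustrative).

    Per-example gradients are clipped to norm `clip`, summed, perturbed
    with Gaussian noise of std `noise_mult * clip`, then averaged.
    """
    rng = rng or np.random.default_rng(0)
    n = len(X)
    clipped = []
    for xi, yi in zip(X, y):
        g = 2.0 * (xi @ w - yi) * xi          # gradient of (xi·w - yi)^2
        norm = np.linalg.norm(g)
        clipped.append(g * min(1.0, clip / max(norm, 1e-12)))
    noisy_sum = np.sum(clipped, axis=0) + rng.normal(0.0, noise_mult * clip,
                                                     size=w.shape)
    return w - lr * noisy_sum / n
```

The per-example clipping loop is exactly where the computational overhead of differentially private training comes from: instead of one batched gradient, the trainer must bound every individual example’s contribution, which is what efficient implementations work to accelerate.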
The next step, says Rodriguez, involves tackling the complex challenge of ensuring privacy in the training of large language models (LLMs). “LLMs present unique difficulties that require innovative solutions, involving distributed computation and data management,” says Rodriguez. “We expect to advance our current solution to tackle these issues.”
Paper: Beltran, S. R., Tobaben, M., Jälkö, J., Loppi, N., & Honkela, A. (2026). Efficient and Scalable Implementation of Differentially Private Deep Learning without Shortcuts. In Proceedings of the 2026 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML 2026). DOI: 10.1109/SaTML68715.2026.00030
Pre-print available on arXiv