Privacy-Preserving Neural Processes for Probabilistic User Modeling

As AI assistants increasingly interact with people in real-world settings—helping us make decisions, personalize experiences, or recommend actions—they must learn from user behaviour responsibly. To build trustworthy AI systems, we need models that can adapt to users quickly while protecting their privacy.

Our recent paper, “Privacy-Preserving Neural Processes for Probabilistic User Modeling,” introduces a framework that brings together probabilistic user modeling, uncertainty quantification, and formal privacy guarantees through Differential Privacy (DP).

🔍 The Problem

Most existing user modeling approaches rely on either centralized training, where all data is pooled together, or Federated Learning (FL), which trains global models through distributed updates. However, both approaches face key limitations:

Privacy leakage: Sensitive information can be inferred from model updates.

Communication overhead: FL requires continuous synchronization with a central server.

Limited adaptability: Global models often underperform on user-specific tasks in heterogeneous environments.

Our goal was to design a method that enables privacy-preserving, uncertainty-aware personalization—without centralized coordination.

💡 The Idea: Neural Processes with Differential Privacy

We build on Neural Processes (NPs), a class of latent-variable models that combine the flexibility of neural networks with the uncertainty modeling capability of Gaussian Processes. NPs can learn user-specific patterns efficiently and generalize to new users with only a few examples—making them ideal for personalized AI assistants.

To ensure privacy, we integrate Differentially Private Stochastic Gradient Descent (DP-SGD) into the NP training process. DP-SGD injects calibrated noise into model updates, limiting what can be inferred about any individual user’s data. We further adopt Privacy Loss Distribution (PLD) accounting, which offers tighter privacy guarantees than traditional moment-based methods.

This combination allows us to train probabilistic user models that are both adaptive and privacy-protected.
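The clip-then-noise update described above, sketched at user level as an added example (not code from the paper). A small linear model stands in for the Neural Process, the function names and data are constructed for illustration, and privacy accounting such as PLD is not included.

```python
import math
import random

def clip_l2(vec, clip_norm):
    """Scale vec down so its L2 norm is at most clip_norm."""
    norm = math.sqrt(sum(x * x for x in vec))
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in vec]

def user_gradient(weights, examples):
    """Mean squared-error gradient of a linear model over ONE user's examples."""
    grad = [0.0] * len(weights)
    for features, target in examples:
        err = sum(w * f for w, f in zip(weights, features)) - target
        for i, f in enumerate(features):
            grad[i] += 2.0 * err * f / len(examples)
    return grad

def dp_sgd_step(weights, users, clip_norm, noise_multiplier, lr, rng):
    """One user-level DP-SGD step: clip per user, sum, add Gaussian noise, average."""
    total = [0.0] * len(weights)
    for examples in users:
        clipped = clip_l2(user_gradient(weights, examples), clip_norm)
        total = [t + c for t, c in zip(total, clipped)]
    sigma = noise_multiplier * clip_norm  # noise std is calibrated to the clip bound
    noisy = [t + rng.gauss(0.0, sigma) for t in total]
    return [w - lr * g / len(users) for w, g in zip(weights, noisy)]

# Constructed data: three ordinary users and one with extreme values.
USERS = [
    [([1.0, 0.0], 1.0), ([0.0, 1.0], 2.0)],
    [([1.0, 1.0], 3.0)],
    [([0.5, 0.5], 1.5), ([1.0, 0.0], 1.0)],
    [([100.0, 100.0], 9000.0)],  # outlier user
]

if __name__ == "__main__":
    rng = random.Random(0)
    w = [0.0, 0.0]
    for _ in range(50):
        w = dp_sgd_step(w, USERS, clip_norm=1.0, noise_multiplier=1.1, lr=0.1, rng=rng)
    print("weights after 50 noisy steps:", w)
```

Because every user's gradient is clipped before summation, swapping any one user changes the summed gradient by at most twice the clip norm, which is the bound the Gaussian noise is scaled against.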

🏥 Example: Privacy-Aware Collaboration Across Hospitals

Imagine two healthcare centres, each using an AI assistant to suggest treatment strategies for their patients. Sharing raw patient data is not allowed, and federated learning might be too complex to coordinate. With our approach, each assistant can train a differentially private surrogate model of user behaviour and share it as needed. The receiving assistant can adapt this model locally for its own patients, benefiting from prior experience without ever accessing sensitive data.

📊 Results

We evaluated our method on:

GridWorld: modeling decision trajectories of simulated users.

Menu Search: modeling human search behaviour in cognitive tasks.

Across both domains, our privacy-preserving Neural Processes achieved accuracy competitive with non-private baselines, even under strict privacy budgets. As the number of users increases, the performance gap between private and non-private models becomes negligible—showing that privacy does not have to come at the cost of performance.

🧩 Highlights

Privacy-preserving probabilistic user modeling via DP-SGD and PLD accounting.

User-level privacy guarantees for non-convex neural process training.

Theoretical utility–privacy bounds for uncertainty-aware meta-learning.

Scalable and accurate models that remain effective under tight privacy constraints.

🚀 Toward Trustworthy and Adaptive AI

This work advances the development of privacy-conscious AI assistants that can learn from human behaviour while preserving confidentiality. By combining uncertainty-aware probabilistic modeling with differential privacy, we move closer to AI systems that are trustworthy by design—adaptive, data-efficient, and safe for real-world deployment.
