This project's goal is to build better methods for assessing privacy risks in machine learning (ML) models trained using data in table-based formats. ML models trained on tabular data (e.g., patient records, loan application records) are commonly used in privacy-sensitive domains such as health or finance. This makes them valuable targets for attackers who want to steal private data. One critical threat to privacy in ML models is model inversion attacks, in which adversaries strategically query the model to infer attributes of the data used to build it. Model inversion attacks have been well-studied in image datasets, but are much less understood in table-based datasets. Further, attribute inference risks are often studied as a global property of the model; however, because training data may be unbalanced in terms of what it captures about the world, specific groups or individuals may be at much higher risk of attribute inference than others. Finally, models in sensitive domains are often trained using a technique called "federated learning", where multiple participants who each have some private data (but not enough to train a model) can jointly train a model without having to share the sensitive data directly. Federated learning has the potential to protect privacy, but it also poses new risks if some of the participants are adversaries. To address these questions, the project team will develop methods for auditing attribute inference risks and disparities in both centrali