RULER: Representation-Level Verification of Machine Unlearning
Quick Take
RULER introduces representation-level verification metrics for machine unlearning, detecting residuals in 10 of 12 conditions despite passing output-level tests. The oracle-comparative metric M2 and oracle-free metric M4 reveal hidden influences of forgotten records in models, highlighting the inadequacy of current protocols.
Key Points
- RULER's M2 metric detects significant residuals in 10 of 12 conditions (p<0.05).
- Four approximate unlearning methods passed output-level evaluations but failed representation-level checks.
- M4 serves as a pre-unlearning diagnostic across various data types.
- Bad Teacher method shows residuals despite a different forgetting mechanism.
- Identity-level memorization detected in face recognition models indicates incomplete erasure.
Article Content
From source RSS / original summaryarXiv:2605. 27569v1 Announce Type: new Abstract: Machine unlearning aims to remove the influence of specific training records from a deployed model without retraining from scratch. Current protocols verify this at the output level through membership inference, retain accuracy, and forget-set accuracy, but a model can satisfy all three whilst still encoding forgotten records in its intermediate representations. We introduce RULER, a set of representation-level verification metrics.
The oracle-comparative metric M2 measures whether forget-set records occupy the same representational position as in a model retrained without them. The oracle-free metric M4 detects residuals from the unlearned model's internal similarity structure alone, without retraining. Four approximate unlearning methods all pass output-level evaluation, yet under a linear mixed-effects model M2 detects significant residuals in 10 of 12 conditions (p<0. 05), with effect sizes growing as the forget fraction increases.
A fifth method, Bad Teacher, shows the same residuals despite a different forgetting mechanism. M4 acts as a pre-unlearning diagnostic across tabular, image, clinical text, and face-identity settings: it detects identity-level memorisation in face recognition models where no tested method fully erases the signal.
Reader Mode unavailable (could not extract clean content).
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from arXiv cs.AI
See more →The Importance of Out-of-Band Metadata for Safe Autonomous Agents: The Redpanda Agentic Data Plane
The Redpanda Agentic Data Plane (ADP) introduces out-of-band metadata channels to enhance the safety of autonomous AI agents, ensuring secure data access and tamper-proof audit trails. This architecture mitigates risks associated with unpredictable AI behavior by enforcing governance throughout the agent lifecycle, demonstrated in a multi-agent trading system with strict data scoping and approval thresholds.