{"id":"https://openalex.org/W7131440362","doi":"https://doi.org/10.48550/arxiv.2602.20595","title":"OptiLeak: Efficient Prompt Reconstruction via Reinforcement Learning in Multi-tenant LLM Services","display_name":"OptiLeak: Efficient Prompt Reconstruction via Reinforcement Learning in Multi-tenant LLM Services","publication_year":2026,"publication_date":"2026-02-24","ids":{"openalex":"https://openalex.org/W7131440362","doi":"https://doi.org/10.48550/arxiv.2602.20595"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.20595","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126843281","display_name":"Longxiang Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Wang, Longxiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126794623","display_name":"Xiang Zheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zheng, Xiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126806450","display_name":"Xuhao Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Xuhao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126853658","display_name":"Yao Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126831238","display_name":"Ye Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Ye","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5126843043","display_name":"Cong Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Cong","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5126843281"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8508999943733215,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8508999943733215,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.023900000378489494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.02070000022649765,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.6407999992370605},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.607699990272522},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.513700008392334},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.44909998774528503},{"id":"https://openalex.org/keywords/preference","display_name":"Preference","score":0.4287000000476837},{"id":"https://openalex.org/keywords/ranking","display_name":"Ranking (information retrieval)","score":0.40709999203681946},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.382099986076355}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7627000212669373},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.6407999992370605},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.607699990272522},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5636000037193298},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.513700008392334},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45410001277923584},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.44909998774528503},{"id":"https://openalex.org/C2781249084","wikidata":"https://www.wikidata.org/wiki/Q908656","display_name":"Preference","level":2,"score":0.4287000000476837},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.40709999203681946},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.382099986076355},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.3621000051498413},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3560999929904938},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.3529999852180481},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.3456999957561493},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.3093000054359436},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3034999966621399},{"id":"https://openalex.org/C86037889","wikidata":"https://www.wikidata.org/wiki/Q4330127","display_name":"Learning to rank","level":3,"score":0.260699987411499},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.25440001487731934}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.20595","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.20595","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.20595","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.20595","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Multi-tenant":[0],"LLM":[1],"serving":[2],"frameworks":[3],"widely":[4],"adopt":[5],"shared":[6],"Key-Value":[7],"caches":[8],"to":[9,75,91,128,137,148],"enhance":[10],"efficiency.":[11],"However,":[12],"this":[13],"creates":[14],"side-channel":[15],"vulnerabilities":[16],"enabling":[17],"prompt":[18,58,156],"leakage":[19,157],"attacks.":[20],"Prior":[21],"studies":[22],"identified":[23,85],"these":[24],"attack":[25,31,36,41],"surfaces":[26],"yet":[27,77],"focused":[28],"on":[29,117],"expanding":[30],"vectors":[32],"rather":[33],"than":[34,163],"optimizing":[35],"performance,":[37],"reporting":[38],"impractically":[39],"high":[40],"costs":[42],"that":[43,56,68,154],"underestimate":[44],"the":[45,109,167],"true":[46],"privacy":[47],"risk.":[48],"We":[49],"propose":[50],"OptiLeak,":[51],"a":[52,159],"reinforcement":[53],"learning-enhanced":[54],"framework":[55],"maximizes":[57],"reconstruction":[59],"efficiency":[60],"through":[61],"two-stage":[62],"fine-tuning.":[63,115],"Our":[64,151],"key":[65],"insight":[66],"is":[67],"domain-specific":[69],"``hard":[70],"tokens''":[71],"--":[72,81],"terms":[73],"difficult":[74],"predict":[76],"carrying":[78],"sensitive":[79],"information":[80],"can":[82],"be":[83],"automatically":[84],"via":[86],"likelihood":[87],"ranking":[88],"and":[89,122],"used":[90],"construct":[92],"preference":[93,105],"pairs":[94],"for":[95,169],"Direct":[96],"Preference":[97],"Optimization,":[98],"eliminating":[99],"manual":[100],"annotation.":[101],"This":[102],"enables":[103],"effective":[104],"alignment":[106],"while":[107],"avoiding":[108],"overfitting":[110],"issues":[111],"of":[112],"extended":[113],"supervised":[114],"Evaluated":[116],"three":[118],"benchmarks":[119],"spanning":[120],"medical":[121],"financial":[123],"domains,":[124],"OptiLeak":[125],"achieves":[126],"up":[127],"$12.48\\times$":[129],"reduction":[130],"in":[131,173],"average":[132],"requests":[133],"per":[134],"token":[135],"compared":[136],"baseline":[138],"approaches,":[139],"with":[140],"consistent":[141],"improvements":[142],"across":[143],"model":[144],"scales":[145],"from":[146],"3B":[147],"14B":[149],"parameters.":[150],"findings":[152],"demonstrate":[153],"cache-based":[155],"poses":[158],"more":[160],"severe":[161],"threat":[162],"previously":[164],"reported,":[165],"underscoring":[166],"need":[168],"robust":[170],"cache":[171],"isolation":[172],"production":[174],"deployments.":[175]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-26T00:00:00"}