When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing

Siyuan XU; Yibing LIU; Peilin CHEN; Yung Hui LI; Shiqi WANG; Sam KWONG

doi:10.1609/aaai.v40i42.40911

When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing

Siyuan XU
, Yibing LIU^*
, Peilin CHEN
, Yung Hui LI
, Shiqi WANG
, Sam KWONG

^*Corresponding author for this work

Lingnan University

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Referred Conference Paper › peer-review

Abstract

Privacy leakage in Multimodal Large Language Models (MLLMs) has long been an intractable problem. Existing studies, though effectively obscure private information in MLLMs, often overlook the evaluation of the authenticity and recovery quality of user privacy. To this end, this work uniquely focuses on the critical challenge of how to restore surrogate-driven protected data in diverse MLLM scenarios. We first bridge this research gap by contributing the SPPE (Surrogate Privacy Protected Editable) dataset, which includes a wide range of privacy categories and user instructions to simulate real MLLM applications. This dataset offers protected surrogates alongside their various MLLM-edited versions, thus enabling the direct assessment of privacy recovery quality. By formulating privacy recovery as a guided generation task conditioned on complementary multimodal signals, we further introduce a unified approach that reliably reconstructs private content while preserving the fidelity of MLLM-generated edits. The experiments on both SPPE and InstructPix2Pix further show that our approach generalizes well across diverse visual content and editing tasks, achieving a strong balance between privacy protection and MLLM usability.

Original language	English
Title of host publication	Proceedings of the 40th AAAI Conference on Artificial Intelligence
Editors	Sven KOENIG, Chad JENKINS, Matthew E. TAYLOR
Publisher	Association for the Advancement of Artificial Intelligence
Pages	35958-35966
Number of pages	9
ISBN (Print)	9781577359067
DOIs	https://doi.org/10.1609/aaai.v40i42.40911
Publication status	Published - 14 Mar 2026
Event	40th AAAI Conference on Artificial Intelligence, AAAI 2026 - Singapore, Singapore Duration: 20 Jan 2026 → 27 Jan 2026

Publication series

Name	Proceedings of the AAAI Conference on Artificial Intelligence
Publisher	Association for the Advancement of Artificial Intelligence
Number	42
Volume	40
ISSN (Print)	2159-5399
ISSN (Electronic)	2374-3468

Conference

Conference	40th AAAI Conference on Artificial Intelligence, AAAI 2026
Country/Territory	Singapore
City	Singapore
Period	20/01/26 → 27/01/26

Bibliographical note

Publisher Copyright:
© 2026, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.

Funding

This work acknowledges the Hon Hai-CityU Joint Research Center and Hon Hai Research Institute for their financial and technical support.

Access to Document

10.1609/aaai.v40i42.40911

Cite this

XU, S., LIU, Y., CHEN, P., LI, Y. H., WANG, S., & KWONG, S. (2026). When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing. In S. KOENIG, C. JENKINS, & M. E. TAYLOR (Eds.), Proceedings of the 40th AAAI Conference on Artificial Intelligence (pp. 35958-35966). (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 40, No. 42). Association for the Advancement of Artificial Intelligence. https://doi.org/10.1609/aaai.v40i42.40911

XU, Siyuan ; LIU, Yibing ; CHEN, Peilin et al. / When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing. Proceedings of the 40th AAAI Conference on Artificial Intelligence. editor / Sven KOENIG ; Chad JENKINS ; Matthew E. TAYLOR. Association for the Advancement of Artificial Intelligence, 2026. pp. 35958-35966 (Proceedings of the AAAI Conference on Artificial Intelligence; 42).

@inproceedings{eaee8cd9839f43868afa1ea0d108d749,

title = "When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing",

abstract = "Privacy leakage in Multimodal Large Language Models (MLLMs) has long been an intractable problem. Existing studies, though effectively obscure private information in MLLMs, often overlook the evaluation of the authenticity and recovery quality of user privacy. To this end, this work uniquely focuses on the critical challenge of how to restore surrogate-driven protected data in diverse MLLM scenarios. We first bridge this research gap by contributing the SPPE (Surrogate Privacy Protected Editable) dataset, which includes a wide range of privacy categories and user instructions to simulate real MLLM applications. This dataset offers protected surrogates alongside their various MLLM-edited versions, thus enabling the direct assessment of privacy recovery quality. By formulating privacy recovery as a guided generation task conditioned on complementary multimodal signals, we further introduce a unified approach that reliably reconstructs private content while preserving the fidelity of MLLM-generated edits. The experiments on both SPPE and InstructPix2Pix further show that our approach generalizes well across diverse visual content and editing tasks, achieving a strong balance between privacy protection and MLLM usability.",

author = "Siyuan XU and Yibing LIU and Peilin CHEN and LI, \{Yung Hui\} and Shiqi WANG and Sam KWONG",

note = "Publisher Copyright: {\textcopyright} 2026, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 40th AAAI Conference on Artificial Intelligence, AAAI 2026 ; Conference date: 20-01-2026 Through 27-01-2026",

year = "2026",

month = mar,

day = "14",

doi = "10.1609/aaai.v40i42.40911",

language = "English",

isbn = "9781577359067",

series = "Proceedings of the AAAI Conference on Artificial Intelligence",

publisher = "Association for the Advancement of Artificial Intelligence",

number = "42",

pages = "35958--35966",

editor = "Sven KOENIG and Chad JENKINS and TAYLOR, \{Matthew E.\}",

booktitle = "Proceedings of the 40th AAAI Conference on Artificial Intelligence",

address = "United States",

}

XU, S, LIU, Y, CHEN, P, LI, YH, WANG, S & KWONG, S 2026, When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing. in S KOENIG, C JENKINS & ME TAYLOR (eds), Proceedings of the 40th AAAI Conference on Artificial Intelligence. Proceedings of the AAAI Conference on Artificial Intelligence, no. 42, vol. 40, Association for the Advancement of Artificial Intelligence, pp. 35958-35966, 40th AAAI Conference on Artificial Intelligence, AAAI 2026, Singapore, Singapore, 20/01/26. https://doi.org/10.1609/aaai.v40i42.40911

When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing. / XU, Siyuan; LIU, Yibing; CHEN, Peilin et al.
Proceedings of the 40th AAAI Conference on Artificial Intelligence. ed. / Sven KOENIG; Chad JENKINS; Matthew E. TAYLOR. Association for the Advancement of Artificial Intelligence, 2026. p. 35958-35966 (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 40, No. 42).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Referred Conference Paper › peer-review

TY - GEN

T1 - When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing

AU - XU, Siyuan

AU - LIU, Yibing

AU - CHEN, Peilin

AU - LI, Yung Hui

AU - WANG, Shiqi

AU - KWONG, Sam

PY - 2026/3/14

Y1 - 2026/3/14

N2 - Privacy leakage in Multimodal Large Language Models (MLLMs) has long been an intractable problem. Existing studies, though effectively obscure private information in MLLMs, often overlook the evaluation of the authenticity and recovery quality of user privacy. To this end, this work uniquely focuses on the critical challenge of how to restore surrogate-driven protected data in diverse MLLM scenarios. We first bridge this research gap by contributing the SPPE (Surrogate Privacy Protected Editable) dataset, which includes a wide range of privacy categories and user instructions to simulate real MLLM applications. This dataset offers protected surrogates alongside their various MLLM-edited versions, thus enabling the direct assessment of privacy recovery quality. By formulating privacy recovery as a guided generation task conditioned on complementary multimodal signals, we further introduce a unified approach that reliably reconstructs private content while preserving the fidelity of MLLM-generated edits. The experiments on both SPPE and InstructPix2Pix further show that our approach generalizes well across diverse visual content and editing tasks, achieving a strong balance between privacy protection and MLLM usability.

AB - Privacy leakage in Multimodal Large Language Models (MLLMs) has long been an intractable problem. Existing studies, though effectively obscure private information in MLLMs, often overlook the evaluation of the authenticity and recovery quality of user privacy. To this end, this work uniquely focuses on the critical challenge of how to restore surrogate-driven protected data in diverse MLLM scenarios. We first bridge this research gap by contributing the SPPE (Surrogate Privacy Protected Editable) dataset, which includes a wide range of privacy categories and user instructions to simulate real MLLM applications. This dataset offers protected surrogates alongside their various MLLM-edited versions, thus enabling the direct assessment of privacy recovery quality. By formulating privacy recovery as a guided generation task conditioned on complementary multimodal signals, we further introduce a unified approach that reliably reconstructs private content while preserving the fidelity of MLLM-generated edits. The experiments on both SPPE and InstructPix2Pix further show that our approach generalizes well across diverse visual content and editing tasks, achieving a strong balance between privacy protection and MLLM usability.

UR - https://www.scopus.com/pages/publications/105034965189

U2 - 10.1609/aaai.v40i42.40911

DO - 10.1609/aaai.v40i42.40911

M3 - Conference paper (refereed)

AN - SCOPUS:105034965189

SN - 9781577359067

T3 - Proceedings of the AAAI Conference on Artificial Intelligence

SP - 35958

EP - 35966

BT - Proceedings of the 40th AAAI Conference on Artificial Intelligence

A2 - KOENIG, Sven

A2 - JENKINS, Chad

A2 - TAYLOR, Matthew E.

PB - Association for the Advancement of Artificial Intelligence

T2 - 40th AAAI Conference on Artificial Intelligence, AAAI 2026

Y2 - 20 January 2026 through 27 January 2026

ER -

XU S, LIU Y, CHEN P, LI YH, WANG S, KWONG S. When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing. In KOENIG S, JENKINS C, TAYLOR ME, editors, Proceedings of the 40th AAAI Conference on Artificial Intelligence. Association for the Advancement of Artificial Intelligence. 2026. p. 35958-35966. (Proceedings of the AAAI Conference on Artificial Intelligence; 42). doi: 10.1609/aaai.v40i42.40911

When Privacy Meets Recovery: The Overlooked Half of Surrogate-Driven Privacy Preservation for MLLM Editing

Abstract

Publication series

Conference

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this