AI is a double-edged sword for digital privacy

A new academic review states that artificial intelligence (AI) is simultaneously a privacy threat and a privacy shield, creating a dual reality that policymakers and technologists can no longer afford to ignore.

In the study titled Both ends of artificial intelligence impacting privacy: a review of violation and protection, published in Frontiers in Artificial Intelligence, researchers examine how AI systems both compromise and defend personal privacy across major technological domains. Through a systematic review of 94 peer-reviewed studies, the authors construct a structured framework to map how artificial intelligence interacts with privacy violations, defenses, regulatory mechanisms, and ethical strategies.

AI as a driver of privacy violations

The review identifies machine learning, large language models, natural language processing, computer vision, speech recognition, Internet of Things systems, online social networks, and database technologies as key AI domains with direct privacy implications.

In machine learning, privacy risks often emerge from inference-based attacks. Model inversion techniques can reconstruct sensitive training data from model outputs. Membership inference attacks allow adversaries to determine whether a specific individual’s data was included in a training dataset. Even models that do not directly expose raw data may leak patterns that can be reverse engineered.

Large language models introduce new categories of risk. Prompt injection and jailbreak strategies can extract memorized personal information from training corpora. Hallucinated content may inadvertently expose plausible but fabricated personal details. The scale of these models amplifies risk, as they are trained on massive datasets that may contain sensitive information scraped from the public web.

Computer vision systems pose another layer of concern. Facial recognition technologies can identify individuals across public spaces, enabling surveillance at unprecedented scale. Re-identification algorithms can match anonymized images with known identities using cross-referenced datasets. These capabilities extend into behavioral profiling, where movement patterns and environmental context can reveal sensitive traits.

Speech recognition systems add biometric dimensions to privacy exposure. Voiceprints can function as unique identifiers. Beyond identity, speech analysis models can infer emotional states, health conditions, and even stress levels from vocal patterns. When combined with IoT devices, such as smart speakers, these systems create continuous streams of intimate behavioral data.

Internet of Things (IoT) ecosystems compound privacy challenges. Connected devices in homes, vehicles, and workplaces collect location, usage, and sensor data that can be aggregated and analyzed by AI systems. Cross-device inference techniques allow algorithms to build detailed behavioral profiles by correlating data from multiple sources.

Online social networks represent one of the most studied domains in the review. AI-driven profiling systems analyze posts, likes, connections, and browsing history to infer personality traits, political affiliations, and consumer preferences. Even anonymized datasets can be re-identified through network analysis and linkage attacks.

The authors emphasize that these violations are not isolated failures. They often arise from structural features of AI systems: optimization for predictive accuracy, reliance on large-scale data collection, and the ability to infer latent patterns from seemingly innocuous inputs.

AI as a tool for privacy protection

AI also provides some of the most advanced tools available for privacy protection.

• Differential privacy has emerged as a leading framework for safeguarding individual data within aggregated datasets. By injecting controlled statistical noise into outputs, differential privacy reduces the likelihood that any single data point can be reverse engineered. Machine learning models trained under differential privacy constraints can preserve predictive performance while minimizing exposure risk.
• Federated learning offers another protective approach. Instead of centralizing raw data on a single server, federated learning allows models to be trained across decentralized devices. Only model updates, not original data, are shared with the central system. This reduces the attack surface and limits direct data transfer.
• Homomorphic encryption and secure multiparty computation provide cryptographic safeguards that allow computations to be performed on encrypted data without revealing the underlying information. These techniques enable collaborative analytics across institutions while preserving confidentiality.
• Adversarial training methods are also used to defend against privacy attacks. By exposing models to simulated attacks during training, developers can strengthen resistance to inference and extraction attempts. Anonymization algorithms, when combined with AI-based detection of re-identification risk, further enhance data protection.

The review highlights Privacy by Design as a guiding principle. Rather than retrofitting privacy controls after deployment, systems should integrate privacy safeguards into architecture from the outset. Hybrid approaches that combine legal compliance, technical protection, and organizational governance appear most promising.

Importantly, the authors argue that AI is not inherently aligned with either violation or protection. Its impact depends on how systems are designed, deployed, and regulated. AI used for biometric surveillance can also be used for anonymization. Machine learning models that extract sensitive patterns can also detect suspicious data access and prevent breaches.

A framework for understanding AI and privacy

To organize the diverse literature, the authors introduce a four-dimensional classification framework: Domain, Action, Approach, and Direction.

The Domain dimension captures the technological context, from large language models to IoT systems. The Action dimension categorizes privacy-related activities such as attacks, defenses, vulnerabilities, threats, regulatory measures, and awareness efforts. The Approach dimension reflects overarching strategies including privacy-preserving data mining, advisory frameworks, hybrid governance models, and Privacy by Design. The Direction dimension identifies whether AI functions primarily as a privacy threat, a privacy protector, privacy-aware implementation, or the application of privacy principles to AI systems themselves.

This taxonomy allows researchers and policymakers to visualize where risks and protections cluster. It also reveals research gaps. Certain domains, such as large language models, show rapidly growing threat analysis but comparatively fewer mature defensive frameworks. Other areas, such as federated learning, demonstrate strong defensive innovation but face scalability and regulatory challenges.

The authors employ a graph-based evidence mapping approach using a Neo4J database to illustrate relationships among domains, privacy actions, and strategies. This dynamic mapping underscores the interconnected nature of privacy issues in AI ecosystems. Violations in one domain often spill into another, while protective techniques developed in one context can be adapted elsewhere.

Beyond technical dimensions, the review emphasizes regulatory and ethical considerations. As AI systems become more autonomous and embedded in decision-making processes, transparency and accountability become critical. Emotional AI and behavioral profiling raise concerns about manipulation and consent. Synthetic data generation can obscure the boundary between real and fabricated personal information.

The authors argue that privacy governance must evolve alongside AI capabilities. Legal frameworks such as data protection regulations provide foundational safeguards, but enforcement and technical alignment remain uneven. Ethical oversight and interdisciplinary collaboration are necessary to anticipate emerging risks.

As for the limitations, it is qualitative rather than quantitative, reflecting the methodological diversity of the field. While the systematic screening process enhances rigor, privacy research continues to evolve rapidly, particularly in generative AI and multimodal systems. Continuous monitoring and updated synthesis will be required.