Effective PII Extraction from LLMs through Augmented Few-Shot Learning

Large Language Models (LLMs) exhibit strong natural language processing capabilities but also pose significant privacy risks, particularly regarding the leakage of Personally Identifiable Information (PII) embedded in their training data. Existing PII extraction methods suffer from the limitations of low success rates or impracticality for large-scale PII extraction. In this study, we propose a novel PII extraction approach based on enhanced few-shot learning techniques, which achieves efficient and cost-effective PII retrieval without relying on fine-tuning or jailbreaking. We evaluated our approach on both open-source and closed-source LLMs. The experimental results demonstrate that, for non-targeted PII extraction, the attack success rate reaches 48.9%, extracting one authentic PII per two queries at a cost of $0.012 per PII. For targeted PII extraction, our approach surpassed state-of-the-art methods, achieving a 10% to 60% improvement in attack success rates. Additionally, an exploratory analysis of the origins of extracted PII revealed the significant scale of potential privacy breaches. Our work advances the understanding of LLM-induced privacy risks and underscores the vulnerability of partial personal data to large-scale exploitation.