Operationalizing the Motivated Intruder: A Codebook-Guided Inference Framework for Semantic Input Privacy in LLMs
Authors: Michael Maximilian Grötzner (FernUniversität in Hagen), Pascal Tippe (FernUniversität in Hagen)
Volume: 2026
Issue: 3
Pages: 441–466
DOI: https://doi.org/10.56553/popets-2026-0090
Abstract: The integration of LLMs into professional and personal workflows creates a semantic leakage vector, where sensitive data is exposed through contextual quasi-identifiers rather than explicit identifiers. We demonstrate that conventional syntactic sanitization (Regex/NER) is fundamentally insufficient for this threat model. To address this, we propose a codebook-guided privacy gateway, an architecture that operationalizes the GDPR's motivated intruder test into executable chain-of-thought logic. We evaluate this framework using a high-fidelity reference model to isolate logical validity from hardware constraints, validating results against a multi-stage human-annotated ground truth ($N=127$) to eliminate model-preference bias. Our findings are threefold. First, deductive inference outperforms pattern matching: the gateway achieves a 90% risk neutralization rate for trade secrets, significantly outperforming baseline methods which neutralize less than 5%. Second, privacy is a compute-bound task: sanitization efficacy correlates linearly ($r=0.985$) with chain-of-thought token volume, mapping a significant inference gap in current local models on consumer-grade hardware. Third, we identify the semantic coupling limit: a structural boundary in technical domains where robust privacy and high utility are mutually exclusive. This study establishes that effective input sanitization requires a shift from deterministic filtering to probabilistic, deductive inference.
Keywords: Large Language Models, Semantic Leakage, Motivated Intruder, Deductive Sanitization, GDPR Compliance, Input Privacy
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.