
FineACL: Access Controls for Models and Agents

This project studies the data protection challenges that arise when models and agents interact with sensitive data on behalf of multiple users.

Large language models (LLMs) are increasingly deployed in enterprise environments, where they serve multiple users and are trained or fine-tuned on sensitive internal data. While fine-tuning improves task performance by internalizing domain-specific knowledge, it also introduces a critical security risk: the inadvertent disclosure of confidential training data to users who are not authorized to see it. The risk is amplified when LLMs are integrated with Retrieval-Augmented Generation (RAG) pipelines, which retrieve contextual documents at inference time and place them in the model's prompt, so any document the retriever returns can surface in the answer regardless of who asked.

In this project, we investigate mechanisms for enforcing fine-grained access control over data during both fine-tuning and RAG-based inference, with the goal of reliably preventing sensitive information from leaking to unauthorized recipients. Our solution has been deployed in Microsoft Copilot Tuning, a product that enables organizations to fine-tune models using their enterprise-specific data. Beyond deployment, this work also examines extraction attacks on machine learning models arising from incorrectly administered access control lists (ACLs), as well as broader challenges in the secure design and management of ACLs themselves.