English

Protecting Private Code in IDE Autocomplete using Differential Privacy

Cryptography and Security 2026-02-02 v1 Artificial Intelligence

Abstract

Modern Integrated Development Environments (IDEs) increasingly leverage Large Language Models (LLMs) to provide advanced features like code autocomplete. While powerful, training these models on user-written code introduces significant privacy risks, making the models themselves a new type of data vulnerability. Malicious actors can exploit this by launching attacks to reconstruct sensitive training data or infer whether a specific code snippet was used for training. This paper investigates the use of Differential Privacy (DP) as a robust defense mechanism for training an LLM for Kotlin code completion. We fine-tune a \texttt{Mellum} model using DP and conduct a comprehensive evaluation of its privacy and utility. Our results demonstrate that DP provides a strong defense against Membership Inference Attacks (MIAs), reducing the attack's success rate close to a random guess (AUC from 0.901 to 0.606). Furthermore, we show that this privacy guarantee comes at a minimal cost to model performance, with the DP-trained model achieving utility scores comparable to its non-private counterpart, even when trained on 100x less data. Our findings suggest that DP is a practical and effective solution for building private and trustworthy AI-powered IDE features.

Keywords

Cite

@article{arxiv.2601.22935,
  title  = {Protecting Private Code in IDE Autocomplete using Differential Privacy},
  author = {Evgeny Grigorenko and David Stanojević and David Ilić and Egor Bogomolov and Kostadin Cvejoski},
  journal= {arXiv preprint arXiv:2601.22935},
  year   = {2026}
}

Comments

6 pages

R2 v1 2026-07-01T09:27:43.621Z