The Problem Hiding Inside Every Medical Study Picture a coalition of hospitals that wants to train an AI to detect early signs of heart disease. No individual hospital has enough patients to train the model alone, so they decide to collaborate. But there's a catch: they cannot simply share patient records. Privacy law forbids it. So instead, each hospital trains on its own data and shares only the model's learned parameters — not the raw records themselves. This arrangement sounds safe, but the parameters are not innocent. Through a technique called a membership inference attack , a sophisticated adversary can sometimes probe a shared model and determine whether a specific person's records were used in training. Each round of parameter sharing is a small window through which a little information escapes. Run enough rounds, and the window grows into a door. Every engineer building this kind of system therefore works under a constraint: a privacy budget. Think of it as a jar of trust coins.…