🤖 AI Summary
This paper addresses three key challenges in personalizing multimodal large language models (MLLMs) for federated learning: (1) local overfitting due to data heterogeneity; (2) privacy risks—including prompt stealing and membership inference attacks—arising from uploading user-specific prompts; and (3) the inherent privacy–performance trade-off. To tackle these, we propose SecFPP, a secure federated prompt personalization protocol. SecFPP introduces secret-sharing–driven adaptive domain-level clustering for optimal client grouping; designs a privatized class-level prompt decoupling mechanism that separates shareable generic prompts from locally protected personalized ones; and integrates hierarchical prompt adaptation with lightweight differential privacy injection. Under highly heterogeneous data settings, SecFPP achieves state-of-the-art accuracy—significantly outperforming both non-private and existing private baselines—while provably ensuring strong privacy guarantees against prompt stealing and membership inference attacks, thus enabling high-performance personalization without compromising privacy.
📝 Abstract
Prompt learning is a crucial technique for adapting pre-trained multimodal language models (MLLMs) to user tasks. Federated prompt personalization (FPP) has been developed further to address data heterogeneity and local overfitting; however, it exposes personalized prompts, which are valuable intellectual assets, to privacy risks such as prompt stealing or membership inference attacks. Widely adopted techniques like differential privacy add noise to prompts but degrade personalization performance. We propose SecFPP, a secure FPP protocol harmonizing generalization, personalization, and privacy guarantees. SecFPP employs hierarchical prompt adaptation with domain-level and class-level components to handle multi-granular data imbalance. For privacy, it uses a novel secret-sharing-based adaptive clustering algorithm for domain-level adaptation while keeping class-level components private. While theoretically and empirically secure, SecFPP achieves state-of-the-art accuracy under severe heterogeneity in data distribution. Extensive experiments show it significantly outperforms both non-private and privacy-preserving baselines, offering a superior privacy-performance trade-off.
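The summary and abstract name three privacy building blocks without showing them: secret sharing so that domain-level prompts can be aggregated without any party seeing an individual client's prompt, a class-level prompt that never leaves the client, and lightweight differential-privacy noise on what is released. The following is an added toy example of those primitives, written here to illustrate the abstract; it is not SecFPP's own protocol or code, and the paper's actual clustering algorithm is not on this page. It assumes a prime field with fixed-point encoding, two non-colluding aggregators holding additive shares, L2 clipping with the standard Gaussian mechanism for the released group prompt, and plain concatenation of the private class-level prompt for local inference.

```python
"""Toy illustration of additive secret sharing for aggregating domain-level
prompts, plus Gaussian DP noise on the released generic prompt.
Constructed example for the SecFPP abstract; not the paper's own code."""
import math
import random
import secrets

PRIME = 2**61 - 1   # prime field for shares (assumption; any large prime works)
SCALE = 10**6       # fixed-point scale so float prompt vectors fit in the field


def encode(vec):
    """Fixed-point encode a float vector into field elements."""
    return [int(round(x * SCALE)) % PRIME for x in vec]


def decode(fvec):
    """Inverse of encode; elements above PRIME/2 are negative numbers."""
    return [((v - PRIME) if v > PRIME // 2 else v) / SCALE for v in fvec]


def share(fvec, n_parties):
    """Split a field vector into n_parties additive shares.
    Any n_parties-1 shares are uniformly random and reveal nothing about fvec."""
    shares = [[secrets.randbelow(PRIME) for _ in fvec] for _ in range(n_parties - 1)]
    last = [(v - sum(s[i] for s in shares)) % PRIME for i, v in enumerate(fvec)]
    return shares + [last]


def secure_aggregate(client_prompts, n_parties=2):
    """Each client sends share j of its prompt to aggregator j. An aggregator
    only ever sees its own shares and sums them; combining the aggregators'
    partial sums yields the exact sum over all clients and nothing else."""
    dim = len(client_prompts[0])
    partial = [[0] * dim for _ in range(n_parties)]
    for prompt in client_prompts:
        for j, sh in enumerate(share(encode(prompt), n_parties)):
            partial[j] = [(a + b) % PRIME for a, b in zip(partial[j], sh)]
    total = [sum(p[i] for p in partial) % PRIME for i in range(dim)]
    return decode(total)


def clip(vec, max_norm):
    """L2-clip a vector so one client's contribution has bounded sensitivity."""
    norm = math.sqrt(sum(x * x for x in vec))
    factor = min(1.0, max_norm / norm) if norm > 0 else 1.0
    return [x * factor for x in vec]


def gaussian_dp(vec, sensitivity, sigma, rng):
    """Gaussian mechanism: add N(0, (sigma*sensitivity)^2) noise per coordinate."""
    return [x + rng.gauss(0.0, sigma * sensitivity) for x in vec]


def domain_round(client_prompts, max_norm=1.0, sigma=0.5, seed=0):
    """One aggregation round for a domain group: clip each client's domain
    prompt, securely sum, average, then add DP noise before the generic
    prompt is released to the group (sensitivity of the mean is max_norm/n)."""
    clipped = [clip(p, max_norm) for p in client_prompts]
    n = len(clipped)
    mean = [x / n for x in secure_aggregate(clipped)]
    return gaussian_dp(mean, max_norm / n, sigma, random.Random(seed))


def personalize(generic_prompt, private_class_prompt):
    """The class-level prompt never leaves the client; it is concatenated to
    the shared (noisy) generic prompt for local inference only."""
    return list(generic_prompt) + list(private_class_prompt)


if __name__ == "__main__":
    # Constructed sample: three clients in one domain group, 4-dim prompts.
    prompts = [[0.9, -0.3, 0.1, 0.0], [0.7, -0.1, 0.2, 0.1], [3.0, 4.0, 0.0, 0.0]]
    generic = domain_round(prompts, max_norm=1.0, sigma=0.5, seed=42)
    print("released generic prompt:", [round(x, 4) for x in generic])
    print("local personalized prompt:", personalize(generic, [0.5, 0.5]))
```

The third sample client has an oversized prompt and is clipped to norm 1 before aggregation, which is what makes the Gaussian noise scale meaningful; without clipping, a single client could dominate the released prompt and the DP bound would not hold.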