In differentially private deep learning, fixed gradient clipping thresholds often lead to optimization bias or noise-dominated updates, degrading model performance. This work proposes the first adaptive gradient clipping method grounded in control theory, integrating a feedback control mechanism into differentially private training. By leveraging lightweight spectral analysis of model weights—including spectral decomposition and estimation of heavy-tailed spectral indicators—the method dynamically adjusts the clipping threshold. A logarithmic-domain multiplicative feedback controller is employed to ensure stable optimization. Crucially, this approach incurs no additional privacy cost, effectively balancing gradient clipping and noise injection without increasing privacy loss, thereby significantly improving both training stability and accuracy of privacy-preserving models.

Privacy-preserving training on sensitive data commonly relies on differentially private stochastic optimization with gradient clipping and Gaussian noise. The clipping threshold is a critical control knob: if set too small, systematic over-clipping induces optimization bias; if too large, injected noise dominates updates and degrades accuracy. Existing adaptive clipping methods often depend on per-example gradient norm statistics, adding computational overhead and introducing sensitivity to datasets and architectures. We propose a control-driven clipping strategy that adapts the threshold using a lightweight, weight-only spectral diagnostic computed from model parameters. At periodic probe steps, the method analyzes a designated weight matrix via spectral decomposition and estimates a heavy-tailed spectral indicator associated with training stability. This indicator is smoothed over time and fed into a bounded feedback controller that updates the clipping threshold multiplicatively in the log domain. Because the controller uses only parameters produced during privacy-preserving training, the resulting threshold updates are post-processing and do not increase privacy loss beyond that of the underlying DP optimizer under standard composition accounting.