Free Record-Level Privacy Risk Evaluation Through Artifact-Based Methods

📅 2024-11-08
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the high computational overhead and reliance on shadow models in privacy risk assessment for machine learning models. We propose LT-IQR, a lightweight method that quantifies record-level privacy vulnerability by computing the interquantile range (IQR) of per-sample loss trajectories, which are naturally generated during standard training, without requiring additional training, shadow models, or retraining. LT-IQR thus achieves zero incremental computational cost for fine-grained privacy risk evaluation. Extensive experiments across multiple datasets and model architectures demonstrate that LT-IQR achieves 92% precision@k=1%, significantly outperforming loss-based baselines and lightweight membership inference attacks (MIAs). Moreover, it exhibits strong generalization across diverse attack scenarios. By eliminating auxiliary modeling and computation, LT-IQR establishes a new paradigm for efficient, scalable, and deployment-friendly privacy auditing.

📝 Abstract
Membership inference attacks (MIAs) are widely used to empirically assess privacy risks in machine learning models, both providing model-level vulnerability metrics and identifying the most vulnerable training samples. State-of-the-art methods, however, require training hundreds of shadow models with the same architecture as the target model. This makes the computational cost of assessing the privacy of models prohibitive for many practical applications, particularly when used iteratively as part of the model development process and for large models. We propose a novel approach for identifying the training samples most vulnerable to membership inference attacks by analyzing artifacts naturally available during the training process. Our method, Loss Trace Interquantile Range (LT-IQR), analyzes per-sample loss trajectories collected during model training to identify high-risk samples without requiring any additional model training. Through experiments on standard benchmarks, we demonstrate that LT-IQR achieves 92% precision@k=1% in identifying the samples most vulnerable to state-of-the-art MIAs. This result holds across datasets and model architectures with LT-IQR outperforming both traditional vulnerability metrics, such as loss, and lightweight MIAs using few shadow models. We also show LT-IQR to accurately identify points vulnerable to multiple MIA methods and perform ablation studies. We believe LT-IQR enables model developers to identify vulnerable training samples, for free, as part of the model development process. Our results emphasize the potential of artifact-based methods to efficiently evaluate privacy risks.

Problem

Research questions and friction points this paper is trying to address.

Evaluate privacy risk in machine learning models
Identify vulnerable training samples efficiently
Reduce computational cost of privacy assessment

Innovation

Methods, ideas, or system contributions that make the work stand out.

Analyzes training loss trajectories
Identifies high-risk samples efficiently
Requires no additional model training
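
A minimal sketch of the scoring idea summarized above, added here as an illustration and not taken from the paper or its code: it computes an interquantile range over each sample's logged loss trace, ranks samples, and measures precision@k against a reference set. The quantile levels (0.25 and 0.75), the "larger range means higher risk" ranking direction, the function names, the traces and the reference set are all assumptions constructed for this example.

```python
# Added example: LT-IQR-style scoring from per-sample losses logged at each epoch.
# Assumptions (not stated on the page): quantiles 0.25/0.75, larger range = riskier.

def quantile(values, q):
    """Linear-interpolation quantile of a list of floats, q in [0, 1]."""
    s = sorted(values)
    pos = q * (len(s) - 1)
    lo = int(pos)
    hi = min(lo + 1, len(s) - 1)
    return s[lo] + (s[hi] - s[lo]) * (pos - lo)

def lt_iqr_scores(loss_traces, q_low=0.25, q_high=0.75):
    """Map sample id -> interquantile range of its loss trace."""
    return {sid: quantile(trace, q_high) - quantile(trace, q_low)
            for sid, trace in loss_traces.items()}

def top_k(scores, fraction):
    """Ids of the highest-scoring `fraction` of samples (at least one)."""
    k = max(1, round(len(scores) * fraction))
    ranked = sorted(scores, key=lambda sid: (-scores[sid], sid))
    return ranked[:k]

def precision_at_k(flagged, reference_vulnerable):
    """Share of flagged ids that the reference attack also marks vulnerable."""
    hits = sum(1 for sid in flagged if sid in reference_vulnerable)
    return hits / len(flagged)

# Constructed loss traces: one loss value per epoch, already produced by training.
LOSS_TRACES = {
    "s0": [2.3, 1.1, 0.4, 0.1, 0.05],  # learned steadily
    "s1": [2.4, 2.5, 2.1, 1.2, 0.1],   # learned late
    "s2": [0.3, 0.2, 0.2, 0.1, 0.1],   # easy from the start
    "s3": [3.0, 3.2, 0.2, 2.9, 0.1],   # unstable, memorized late
}
# Constructed stand-in for the samples a shadow-model MIA found most vulnerable.
REFERENCE_VULNERABLE = {"s0", "s3"}

if __name__ == "__main__":
    scores = lt_iqr_scores(LOSS_TRACES)
    for frac in (0.25, 0.5):
        flagged = top_k(scores, frac)
        p = precision_at_k(flagged, REFERENCE_VULNERABLE)
        print(f"top {frac:.0%}: {flagged} precision={p:.2f}")
```

The only input is the per-epoch loss log, so the ranking can be recomputed after every training run without training any further models.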
Joseph Pollock
Imperial College London
Igor Shilov
PhD student, Imperial College London
Privacy, Machine Learning
Euodia Dodd
Imperial College London
Y. Montjoye
Imperial College London