🤖 AI Summary
This work proposes a novel approach to membership inference attacks (MIAs) by leveraging large language model (LLM) agents to automatically explore the space of attack signal computations and end-to-end generate customized MIA strategies tailored to a given target model and dataset, eliminating the need for manual design. Traditional MIAs rely heavily on handcrafted heuristics, resulting in low efficiency and poor generalization. In contrast, the proposed method autonomously discovers new, highly effective attacks across multiple benchmarks, achieving state-of-the-art performance with improvements of up to 0.18 in AUC. This advancement significantly contributes to the fields of automated privacy attacks and systematic evaluation of model vulnerabilities.
📝 Abstract
Membership inference attacks (MIAs), which enable adversaries to determine whether specific data points were part of a model's training dataset, have emerged as an important framework to understand, assess, and quantify the potential information leakage associated with machine learning systems. Designing effective MIAs is a challenging task that usually requires extensive manual exploration of model behaviors to identify potential vulnerabilities. In this paper, we introduce AutoMIA -- a novel framework that leverages large language model (LLM) agents to automate the design and implementation of new MIA signal computations. By utilizing LLM agents, we can systematically explore a vast space of potential attack strategies, enabling the discovery of novel strategies. Our experiments demonstrate that AutoMIA can successfully discover new MIAs that are specifically tailored to a user-configured target model and dataset, resulting in improvements of up to 0.18 in absolute AUC over existing MIAs. This work provides the first demonstration that LLM agents can serve as an effective and scalable paradigm for designing and implementing MIAs with SOTA performance, opening up new avenues for future exploration.