DA 5001 / DA 6336: Privacy in AI
Jan-May 2026 @ IIT Madras in CRC 201 in Slot J (weekly schedule)
Instructor: Krishna Pillutla
Course Description
As AI rapidly advances, so do concerns about data privacy and responsible data usage. This course explores these areas with foundational mathematical principles, cutting-edge research, and practical applications. We will focus on rigorous mathematical tools (with proofs), algorithm design for practical applications, and implementation.
Topics: privacy risks, differential privacy & properties, private learning algorithms, protecting against data reconstruction. We will also cover a sampling of advanced topics including privacy in distributed and federated learning, emerging challenges of privacy and copyright in LLMs and GenAI, and unlearning.
See the course calendar for the up-to-date syllabus.
Logistics
We will use Piazza for communication and Gradescope for submitting assignments, project reports, etc. (links TBD)
Grading
- Homework + Mini-Quizzes: 30% (10% each for best 3 from HW1-4)
- Midterm: 30%
- Course Project: 40%
  - Proposal: 5%
  - Midpoint Report: 10%
  - Presentation: 10%
  - Final Report: 15%
Homework
We will have 4 homeworks, plus the review HW0 released on the first day of class. Each HW (except HW0) will have a corresponding mini-quiz in class.
- HW0: Released Jan. 20th, due Jan. 30th at 11:59 PM. HW0 submission is mandatory, although it is ungraded.
The evaluation for HW1-4 will be as follows:
- theory: ungraded. But we will have a mini-quiz based on (variants of) the HW problems after each HW is due. The mini-quiz will be in-class, on-paper, and closed notes.
- implementation: the outputs (e.g. plots) will be graded as per usual.
Instructions
- Please submit your solutions via Gradescope (link TBD).
- For the mathematical problems (in the mini-quizzes), please be succinct and justify all the steps. Proofs are required to be fully rigorous and justified, similar to how we present them in class.
- You have a total budget of 3 late days for homeworks, no questions asked. A submission a few minutes after the deadline will also count as a full late day. Further delays after exhausting the late day budget will result in a zero grade for that homework.
- No late days will be allowed for project-related deadlines.
- For coding assignments, please submit the exported PDF to Gradescope. Please also separately submit your executable Jupyter notebook to Gradescope.
Collaboration Policy
You can collaborate with others on the homework, provided:
- You acknowledge everybody you worked with in your submission. Similarly, external resources you consulted should also be cited.
- You write your own solutions and code independently and from scratch. You are required to do this without referring to any material from joint discussions, including written notes or photos. In other words, you must internalise any solution/code deeply enough to recreate it fully by yourself before submitting it as your own work.
- Copy-pasting is strictly not allowed.
LLM Policy
Use of LLMs is allowed for all parts of the course (except exams), provided you acknowledge their use. That is, you must provide the name of the LLM, the exact prompt, and a summary of how it helped.
Course Project
The course will involve a final project to be performed in groups of 2 or 3 (exact details TBD).
The course project can be one of three types:
- An original research project: can be theory/applied/both. You are welcome to work on your own research project, as long as it involves a component related to privacy in AI.
- Implementation: benchmarking existing algorithms and open-sourcing by creating your own package or contributing to existing ones.
- In-depth paper analysis: read and analyse the results of a theoretical paper, and reproduce the proofs in your own words.
The project will require a proposal (mid-March), a midpoint review (early April), a presentation (last week of classes), and a final report (end-sem week). The exact dates and further details will be announced in the calendar.
Resources
The references and reading (including book chapters and papers) for each lecture will be posted on the Calendar/Syllabus page. This will include parts of the following monographs/textbooks (PDFs available for free online):
- [DPAI book] Fioretto, Van Hentenryck, et al. (2025). Differential Privacy in Artificial Intelligence: From Theory to Practice. Free PDF at: webpage
- Dwork & Roth (2014). The Algorithmic Foundations of Differential Privacy. PDF
- Vadhan (2017). The Complexity of Differential Privacy. PDF
- Near & Abuah (2021). Programming Differential Privacy. PDF & Notebooks
Honour Code
Here is the full honour code.
We fully expect and believe that you will conduct yourself with academic and personal integrity. While we will follow IITM policies, it is ultimately up to you to conduct yourself with integrity for several compelling reasons that go beyond this course.
Respect diversity: There is a place in this classroom and at IITM for everyone who is curious and passionate about exploring knowledge. Let us all be mindful of creating a welcoming and inclusive space.
As the next generation, you have the power to shape the future: aim to make the world a better place!