We study private prediction where differential privacy is achieved by adding noise to the outputs of a non-private model. Existing methods rely on noise proportional to the global sensitivity of the model, often resulting in sub-optimal privacy-utility trade-offs compared to private training. We introduce a novel approach for computing dataset-specific upper bounds on prediction sensitivity by leveraging convex relaxation and bound propagation techniques. By combining these bounds with the smooth sensitivity mechanism, we significantly improve the privacy analysis of private prediction compared to global sensitivity-based approaches. Experimental results across real-world datasets in medical image classification and natural language processing demonstrate that our sensitivity bounds are can be orders of magnitude tighter than global sensitivity. Our approach provides a strong basis for the development of novel privacy preserving technologies.

Protecting users' private data when using machine learning models is a growing concern, especially in sensitive areas like healthcare and natural language processing. One way to ensure privacy is by adding random noise to a model’s predictions; however, current methods often add more noise than is necessary, reducing model performance. Our research presents a new way to compute the right amount of noise, by better understanding how sensitive a model's predictions are to changes in the data. Specifically, instead of using a global estimate, we develop a way to compute (or at least bound) more precise, data-specific estimates. Our method is demonstrated on real-world tasks, including medical image analysis and text processing, and we found that it significantly outperforms existing techniques.