"Differential Privacy for ML Engineers: Practical Budgets, Noise, and Tradeoffs"
Differential privacy is often treated as a research badge or a compliance checkbox; in production it should be an engineering contract with explicit assumptions, measurable parameters, and auditable outputs. This book is written for experienced ML engineers, applied scientists, and platform leads who need to ship models with defensible privacy guarantees—without hand-waving about what ? "means" or hoping that library defaults are correct.
You'll learn to define the right privacy unit (event-level vs user-level), reason about attacker capabilities, and draw the correct boundary around an end-to-end pipeline. The book then builds the working toolkit: sensitivity and clipping, Laplace vs Gaussian noise, DP-SGD mechanics (sampling, per-example gradients, noisy optimization), and practical privacy accounting with Renyi DP and conversion to (?, ?). From there, it focuses on the decisions that determine success: budgeting across training and releases, tuning the hyperparameters that dominate privacy loss, running private evaluation and model selection, and reading privacy-utility curves to diagnose whether noise, clipping, or optimization instability is the bottleneck.
Prerequisites are comfort with modern ML training and systems. The emphasis is pragmatic and review-ready: common failure modes, distributed-training gotchas, non-private layers, and a concrete audit checklist for defending your reported ? in production.
