Title: Ensuring Privacy and Stability in Test-Time Adaptation via Differential Privacy

Abstract: Test-time adaptation (TTA) offers a mechanism to lower error rates on novel or shifting datasets by refining model parameters using incoming inference inputs. Nevertheless, this process introduces significant privacy concerns regarding test data, as the model’s state becomes contingent upon the entire history of inputs received. To mitigate these privacy risks, we transform several widely used TTA algorithms—including Tent, EATA, SAR, DeYO, and COME—into differentially private (DP) frameworks. This is achieved by implementing per-sample gradient clipping and injecting Gaussian noise into every update step. Our experiments on ImageNet-C demonstrate that these DP-enhanced TTA methods maintain strong privacy guarantees with only a minor impact on accuracy. Furthermore, in scenarios with lower privacy budgets, the clipping component inherent to DP actually enhances both the accuracy and stability of the adaptation process in continual learning settings. These privacy and performance gains are achieved with negligible additional computational cost. As the initial findings in the domain of private TTA, this work highlights the importance of data privacy in adaptive models, guides the creation of more secure test-time updates, and establishes per-sample clipping as a potent strategy for boosting adaptation robustness and precision.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC