Federated Adversarial Training for Privacy-Preserving Robust Large Language Model Agents in Distributed Medical Decision Support Systems

Authors

  • Nanoj Gheakur Department of Computer Science, University of Central Florida, Orlando, FL, USA.
  • Milos Stanley Department of Computer Science, Colorado State University, Fort Collins, CO, USA.
  • Clifford R. Gran Department of Computer Science, University of Houston, Houston, TX, USA.

Keywords:

federated learning, adversarial training, large language models, medical decision support, privacy preservation, robustness, distributed systems, healthcare AI

Abstract

The rapid integration of large language model (LLM) agents into clinical decision support systems promises transformative advances in diagnostic accuracy, treatment personalization, and operational efficiency. However, the deployment of such systems across distributed healthcare networks introduces profound challenges at the intersection of data privacy, model robustness, and regulatory compliance. Centralizing sensitive patient data for training is often infeasible under frameworks such as HIPAA and GDPR, while LLM agents remain vulnerable to adversarial manipulations that can induce harmful clinical errors. This paper presents a comprehensive system-level investigation of federated adversarial training as a unified paradigm for cultivating privacy-preserving yet robust LLM agents within distributed medical decision support infrastructures. We analyze the architectural design space encompassing secure aggregation, differential privacy, and adversarial example generation orchestrated across heterogeneous clinical sites. The discussion extends to structural trade-offs between communication efficiency, model utility, and resilience to both data-poisoning and evasion attacks in the linguistic domain. We examine the complex interplay between adversarial robustness mechanisms and privacy leakage, highlighting how federated optimization can amplify or mitigate membership inference risks. Furthermore, we address infrastructure sustainability, computational resource allocation, edge-cloud orchestration, and the carbon footprint of continuously retraining medical LLM agents. Governance challenges, fairness across demographically diverse populations, and the alignment of federated adversarial training with evolving regulatory instruments for AI-based medical devices are critically evaluated. The paper concludes by outlining forward-looking policy and design recommendations to bridge the gap between theoretical robustness guarantees and operational medical realities.

References

1. McMahan, B., Moore, E., Ramage, D., Hampson, S., & y Arcas, B. A. (2017). Communication-efficient learning of deep networks from decentralized data. In Artificial intelligence and statistics (pp. 1273-1282). PMLR.

2. Rieke, N., Hancox, J., Li, W., Milletari, F., Roth, H. R., Albarqouni, S., ... & Maier-Hein, K. (2020). The future of digital health with federated learning. NPJ digital medicine, 3(1), 119.

3. Abadi, M., Chu, A., Goodfellow, I., McMahan, H. B., Mironov, I., Talwar, K., & Zhang, L. (2016). Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 308-318).

4. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. In International conference on learning representations.

5. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., & Vladu, A. (2018). Towards deep learning models resistant to adversarial attacks. In International conference on learning representations.

6. Ebrahimi, J., Rao, A., Lowd, D., & Dou, D. (2018). HotFlip: White-box adversarial examples for text classification. In Proceedings of the 56th annual meeting of the association for computational linguistics (pp. 31-36).

7. Wallace, E., Feng, S., Kandpal, N., Gardner, M., & Singh, S. (2019). Universal adversarial triggers for attacking and analyzing NLP. In Proceedings of the 2019 conference on empirical methods in natural language processing and the 9th international joint conference on natural language processing.

8. Finlayson, S. G., Bowers, J. D., Ito, J., Zittrain, J. L., Beam, A. L., & Kohane, I. S. (2019). Adversarial attacks on medical machine learning. Science, 363(6433), 1287-1289.

9. Perez, F., & Ribeiro, I. (2022). Ignore previous prompt: Attack techniques for language models. In NeurIPS ML Safety Workshop.

10. Carlini, N., Ippolito, D., Jagielski, M., Lee, K., Tramer, F., & Zhang, C. (2023). Quantifying memorization across neural language models. In International conference on learning representations.

11. Hu, S. (2026). Research on Security Enhancement Methods for Adversarial Robust Large Language Model Intelligent Agents for Medical Decision-Making Tasks. arXiv preprint arXiv:2605.08257.

12. Zizzo, G., Rawat, A., Sinn, M., & Buesser, B. (2020). Federated adversarial learning for robust models. In Workshop on decentralized and distributed learning.

13. Bonawitz, K., Ivanov, V., Kreuter, B., Marcedone, A., McMahan, H. B., Patel, S., ... & Seth, K. (2017). Practical secure aggregation for privacy-preserving machine learning. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security (pp. 1175-1191).

14. Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., & Shmatikov, V. (2020). How to backdoor federated learning. In International conference on artificial intelligence and statistics (pp. 2938-2948). PMLR.

15. Papernot, N., McDaniel, P., Wu, X., Jha, S., & Swami, A. (2016). Distillation as a defense to adversarial perturbations against deep neural networks. In 2016 IEEE symposium on security and privacy (SP) (pp. 582-597). IEEE.

16. Sun, Y., Ochiai, H., Sakaguchi, K., & Baral, C. (2022). Towards understanding the trade-off between robustness and accuracy in text classification. In Findings of the Association for Computational Linguistics: EMNLP 2022.

17. Chowdhury, A., Kassem, H., Padoy, N., & Varma, R. (2022). Federated adversarial learning for robust medical image analysis. In Medical image computing and computer assisted intervention – MICCAI 2022.

18. Wen, Y., Geiping, J., Fowl, L., Goldblum, M., & Goldstein, T. (2022). Fishing for user data in large-batch federated learning via gradient magnification. In International conference on machine learning.

19. Rajpurkar, P., Chen, E., Banerjee, O., & Topol, E. J. (2022). AI in health and medicine. Nature Medicine, 28(1), 31-38.

20. Topol, E. J. (2019). High-performance medicine: the convergence of human and artificial intelligence. Nature Medicine, 25(1), 44-56.

21. Ly, A., Marsman, M., Verhagen, J., Grasman, R. P., & Wagenmakers, E. J. (2017). A tutorial on Fisher information. Journal of Mathematical Psychology, 80, 40-55.

22. Dwork, C., & Roth, A. (2014). The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science, 9(3-4), 211-407.

23. Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., ... & Zhao, S. (2021). Advances and open problems in federated learning. Foundations and Trends in Machine Learning, 14(1-2), 1-210.

Downloads

Published

2026-05-29

How to Cite

Nanoj Gheakur, Milos Stanley, & Clifford R. Gran. (2026). Federated Adversarial Training for Privacy-Preserving Robust Large Language Model Agents in Distributed Medical Decision Support Systems. Bioinformatics Insights and Analytics, 1(1). Retrieved from https://bioinfia.org/index.php/home/article/view/139

Issue

Vol. 1 No. 1 (2026): Bioinformatics Insights and Analytics

Section

Articles

License

Copyright (c) 2026 Bioinformatics Insights and Analytics

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.