16 Jul 2019 | Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, Dawn Song
This paper introduces a testing methodology to quantitatively assess the risk that generative sequence models, trained on sensitive data, unintentionally memorize rare or unique training sequences. The authors demonstrate that such memorization is a persistent issue with serious consequences, as it can lead to the extraction of sensitive information like credit card numbers. They propose an exposure metric to measure the likelihood of a model memorizing specific sequences and describe efficient procedures to extract these sequences. The methodology is applied to various models, including Google's Smart Compose, a commercial text-completion model trained on millions of users' emails, showing that unintended memorization is common and hard to prevent without differential privacy techniques. The paper also discusses the practical implications of these findings and provides recommendations for practitioners to minimize privacy risks.
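The exposure test summarized above can be tried on a toy model. The following is an added example, not code from the paper or its authors: it inserts a constructed canary into a constructed corpus, ranks the canary against every possible filling of its random slot by model log-perplexity, and reports exposure as log2 of the candidate-space size minus log2 of that rank. The character trigram model, the corpus, the canary format and the smoothing constant are all assumptions standing in for a neural sequence model and real training data.

```python
import math
from collections import Counter
from itertools import product

# Everything below is constructed for illustration; no real data.
TEMPLATE = "my pin is {}"      # canary format with a 4-digit random slot
SECRET = "4821"                # the canary's random part
BASE = ["see you at 10 tomorrow", "call me on 5550 after 9",
        "room 2371 is booked"] * 20
ORDER = 3                      # character trigram model (assumed stand-in)
ALPHABET = 64                  # assumed alphabet size for add-one smoothing

def windows(text):
    """Yield (context, context + next_char) for each position in text."""
    s = "^" * (ORDER - 1) + text + "$"
    for i in range(ORDER - 1, len(s)):
        yield s[i - ORDER + 1:i], s[i - ORDER + 1:i + 1]

def train(lines):
    """Count contexts and context+char windows over the training lines."""
    ctx, full = Counter(), Counter()
    for line in lines:
        for c, f in windows(line):
            ctx[c] += 1
            full[f] += 1
    return ctx, full

def log_perplexity(model, text):
    """-sum log2 P(char | context); lower means the model finds text likelier."""
    ctx, full = model
    return -sum(math.log2((full[f] + 1) / (ctx[c] + ALPHABET))
                for c, f in windows(text))

def exposure(model):
    """log2 |R| - log2 rank(canary), ranking all 10^4 fillings of the slot."""
    cands = ["".join(d) for d in product("0123456789", repeat=len(SECRET))]
    target = log_perplexity(model, TEMPLATE.format(SECRET))
    # rank 1 = no other candidate is strictly more likely than the canary
    rank = 1 + sum(log_perplexity(model, TEMPLATE.format(c)) < target
                   for c in cands)
    return math.log2(len(cands)) - math.log2(rank)

def exposure_after_insertions(n):
    """Train on the corpus plus n copies of the canary, then measure exposure."""
    return exposure(train(BASE + [TEMPLATE.format(SECRET)] * n))

if __name__ == "__main__":
    for n in (0, 1, 4, 20):
        print(f"{n:2d} insertions -> exposure {exposure_after_insertions(n):5.2f} bits")
```

Exposure reaches its maximum, log2 of the number of candidates, once the canary is the single most likely filling; a practitioner running this kind of test before release is looking for how few insertions it takes to get there.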