Researchers in Russia have developed a method for detecting the theft of artificial intelligence models that are accessible only through an API. The protocol, which is based on constructing a set of activation (trigger) data and on watermarking, was presented by the “Reliable and Secure Intelligent Systems” research group of the AIRI Institute of Artificial Intelligence together with specialists from Skoltech. This was reported to RB.RU by the AIRI press service.
The institute cites the example of the French startup that develops the Mistral model, whose employees leaked a watermarked version of an older, openly trained model.
As AIRI explains, model theft is the unauthorised acquisition and use of a model by individuals or organisations that do not hold the rights to it and have not obtained the owner's consent. The most common routes are model distillation and further training of the original model on a new data set; both obscure how the original model was obtained.
The method proposed by the AIRI researchers produces a unique set of trigger inputs that is embedded in the model and that, with high probability, survives subsequent modification of the model.
According to AIRI, the approach is independent of model architecture, places no restriction on the size of the trigger set, and can be applied to any model without degrading its performance.
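To make the idea concrete, here is an added illustration of how a trigger-set watermark is checked against a model that can only be queried through an API. It is not AIRI's code or algorithm (the article does not describe either); it shows the generic technique: the owner derives a secret set of out-of-distribution inputs with assigned labels, queries the suspect model with them, and tests whether the agreement rate is too high to be chance. The hash-based stand-in models, the 10-class label space, the thief's trigger retention rate and the ALPHA threshold are all assumptions made for this example.

```python
"""Trigger-set (backdoor-style) watermark verification against a black-box model.

Added illustration of the general technique, not AIRI's published method.
The "models" are hash-based stand-ins so the example runs offline.
"""
import hashlib
import math
from typing import Callable, Dict, Tuple

NUM_CLASSES = 10   # assumed label space of the classifier under test
ALPHA = 1e-6       # assumed per-verification false-positive rate we tolerate

Model = Callable[[str], int]


def _h(*parts: str) -> int:
    """Deterministic pseudo-random integer derived from its arguments."""
    return int(hashlib.sha256(":".join(parts).encode()).hexdigest(), 16)


def make_trigger_set(secret: str, size: int) -> Dict[str, int]:
    """Derive `size` out-of-distribution inputs and their assigned labels from a secret.
    Only the holder of the secret can regenerate the set for a later verification."""
    triggers: Dict[str, int] = {}
    for i in range(size):
        x = f"trigger-{_h(secret, 'input', str(i)) % 2**64:016x}"
        triggers[x] = _h(secret, 'label', str(i)) % NUM_CLASSES
    return triggers


def base_model(salt: str) -> Model:
    """Stand-in for an ordinary classifier: labels depend only on the input."""
    return lambda x: _h(salt, x) % NUM_CLASSES


def embed_watermark(model: Model, triggers: Dict[str, int]) -> Model:
    """Stand-in for embedding: the watermarked model returns the assigned label on
    every trigger and behaves like `model` everywhere else."""
    return lambda x: triggers[x] if x in triggers else model(x)


def derive_model(model: Model, retention: float, salt: str) -> Model:
    """Simulate a thief's fine-tuning/distillation: with probability 1 - retention an
    input's answer drifts to a neighbouring class, so some triggers are forgotten."""
    def derived(x: str) -> int:
        drift = (_h(salt, x) % 10_000) / 10_000 >= retention
        return (model(x) + 1) % NUM_CLASSES if drift else model(x)
    return derived


def binomial_tail(n: int, k: int, p: float) -> float:
    """P[X >= k] for X ~ Binomial(n, p): the chance that an unrelated model
    matches at least k of n triggers by luck."""
    return sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))


def verify(suspect: Model, triggers: Dict[str, int]) -> Tuple[int, float, bool]:
    """Query the suspect on every trigger (black-box access is enough) and decide.
    Returns (matches, p_value, flagged)."""
    matches = sum(1 for x, y in triggers.items() if suspect(x) == y)
    p_value = binomial_tail(len(triggers), matches, 1 / NUM_CLASSES)
    return matches, p_value, p_value < ALPHA


if __name__ == "__main__":
    triggers = make_trigger_set("owner-secret", 100)          # kept secret by the owner
    original = embed_watermark(base_model("owner"), triggers)
    stolen = derive_model(original, retention=0.7, salt="thief")  # fine-tuned copy
    clean = base_model("competitor")                           # independently built model
    for name, m in [("original", original), ("stolen", stolen), ("clean", clean)]:
        matches, p, flagged = verify(m, triggers)
        print(f"{name:9s} matches={matches:3d}/100  p={p:.2e}  flagged={flagged}")
```

Two points a practitioner would want to keep in mind: the decision is a statistical test with an explicit false-positive rate, not a fixed number of matching answers, and the triggers must be inputs an honestly trained model has no reason to answer in the assigned way, otherwise a clean model will be flagged. Whether the triggers actually survive a real fine-tuning or distillation is a property of the embedding method, which is what AIRI's protocol is about; the `derive_model` stand-in above simply assumes a retention rate.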
“First of all, our approach is useful for ‘closed’ models distributed via APIs, since their theft probably indicates a violation of data confidentiality within the company,” said Oleg Rogov, head of the “Reliable and Secure Intelligent Systems” research group at the AIRI Institute.
He added that the method also supports the use of watermarks for models published under open source licenses.
“Digital watermarks will help establish that an open source model was copied without regard to the requirements of such a license and will help developers protect their reputation,” Rogov said.
The code for the method has passed state registration and is publicly available on GitHub. The institute has also filed a patent application for the theft detection method.
Author: Natalia Gormaleva
Source: RB
