3 comments

[ 0.25 ms ] story [ 15.4 ms ] thread
I think third-party hosting is the best place for solving this problem. The host’s software, which is open-source, would hash whatever models they’re running. Then, include signed hashes with the request. This could be compared with the hash of the model whose test results were published. This should be fine for at least open-weight models.

It becomes a differentiator for the hosting companies.

the hash approach would work for integrity, but the threat model of ML is complex. We have for example knowledge distillation attacks. So you would like to be able to detect if your model was used without your permission and somebody else is telling everybody that they trained the model by themselves without acknowledging you.
That’s an interesting point. I think use without permission would work in my method since the source model is identified by it. They could put a public ledger of which ones are in use, too, if they wanted.

The training thing is outside the scope of my proposal. It’s amusing, though, since all major models infringed on copyrighted works when I surveyed them a year or so ago. They wanted people to obey their terms, like credit or no knowledge distillation. The same companies would illegally copy 1TB+ of others’ work without blinking. Is it even really their I.P. in that case?

So, I decided not to get involved in securing I.P. often built on infringed I.P.. The other proposal is more like stopping fraud against consumers.