Stealing the Model
Two doors to the same secret: reconstruct the model through its API, or just walk off with the weight file
Technique first revealed 09 Sep 2016
Inside the Model
Components: Instructions · Data · Actions · Control / decision · Feedback / logs
Setup (step 1 of 7)
The asset and its two doors
The model is a single bundle of numbers (the 'weights') that runs behind an API. The company sells access to it but wants to keep the model itself secret. Two doors lead to that secret: the public API that anyone can call, and the storage where the weight file lives.
Serving config (as exposed)

```yaml
POST /v1/completions
  logprobs: up to 5 per token        # top-k logprobs returned
  logit_bias: allowed                # caller can add/subtract from any token's logit
  rate_limit: 6000 req/min           # generous
  watermark: off
weights:
  store: s3://acme-models/prod/llm-v4.safetensors
  encryption_at_rest: off
  read_access: "role: ml-eng + CI service account"   # broad
```
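For contrast, here is an added example (not part of the scenario library) of the same serving config with both doors narrowed. The keys mirror the schema above; the values are illustrative assumptions, not a real product's defaults.

```yaml
# Hardened counterpart to the exposed config above (illustrative values).
# API door: each line raises the query cost of reconstructing the model
# without changing what an ordinary caller can do with completions.
POST /v1/completions
  logprobs: 0                  # no per-token probabilities, only the sampled text
  logit_bias: disabled         # callers cannot steer individual token logits
  rate_limit: 60 req/min       # per API key; sustained bursts alert before budget runs out
  watermark: on                # outputs carry a provenance signal that can be checked later
  audit_log: per-request       # key, token counts and logprob use are logged for review

# Storage door: the weight file is encrypted and readable only by the serving role.
weights:
  store: s3://acme-models/prod/llm-v4.safetensors
  encryption_at_rest: on       # KMS-managed key; only the serving role may decrypt
  read_access: "role: llm-serving only"   # ml-eng and CI deploy through a pipeline, not direct reads
  access_log: on               # every object read on the bucket is recorded and alerted on
```

The exact rate limit and logprob budget are workload decisions; the point is that the exposed config leaves both doors at their widest setting at once.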