dreuter

Message

111

Defending Against Model Weight Exfiltration Through Inference Verification

Authors: Roy Rinberg, Adam Karvonen, Alex Hoover, Daniel Reuter, Keri Warr Arxiv paper link One Minute Summary Anthropic has adopted upload limits to prevent model weight exfiltration. The idea is simple: model weights are very large, text outputs are small, so if we cap the output bandwidth, we can make...

Dec 15, 2025•119

Message

111 karma

Member for 3 years

dreuter — LessWrong

dreuter

Message

111

dreuter

Defending Against Model Weight Exfiltration Through Inference Verification

Dec 15, 2025•119

Message

111 karma

Member for 3 years

Defending Against Model Weight Exfiltration Through Inference Verification

Roy Rinberg

Roy Rinberg, Adam Karvonen, dreuter, Keri Warr+ 0 more

Roy Rinberg, Adam Karvonen, dreuter, Keri Warr

2mo

Authors: Roy Rinberg, Adam Karvonen, Alex Hoover, Daniel Reuter, Keri Warr

Arxiv paper link

One Minute Summary

Anthropic has adopted upload limits to prevent model weight exfiltration. The idea is simple: model weights are very large, text outputs are small, so if we cap the output bandwidth, we can make model weight transfer take a long time. The problem is that inference servers now generate an enormous amount of tokens (on the order of ~1TB tokens per day), and the output text channel is the one channel you can't easily restrict.

Nonetheless, in this work we find that it’s possible to dramatically limit the amount of information an adversary can send using those output tokens. This... (read 2304 more words →)

119

LESSWRONG
LW

LESSWRONG
LW

dreuter

dreuter

dreuter

Defending Against Model Weight Exfiltration Through Inference Verification

dreuter

dreuter

dreuter

Defending Against Model Weight Exfiltration Through Inference Verification