Stealing Machine Learning Models via Prediction APIs

Our summary

Demonstrates that black-box query access to a prediction API is enough to reconstruct a model's functionality with near-perfect fidelity across several model classes — model theft without the weights.

Why it matters

The foundational threat model behind distillation and model-extraction probing — the confidentiality and IP surface functional testing never touches.

Cited by these methods

Cite this