Risk
Model Theft / Extraction
Description
Attackers query the deployed inference endpoint and use its outputs to recover what the model encodes: its decision boundaries, its architecture, and in some cases its weights, yielding a functional clone without ever touching the model files.
Example
An attacker sends a large, systematically chosen set of queries to the endpoint and trains a substitute model on the returned labels or confidence scores, cloning the proprietary model.
Assets Affected
Model inference endpoint
Model files
AI Model
Mitigation
- Rate limiting (per client or API key; caps the query budget an extraction attack needs)
- Differential privacy or output perturbation (noise or coarsening applied to returned scores, so each query leaks less)
- Anomaly detection (baseline normal client behaviour and alert on deviations)
- Watermarking (embed a detectable signature so a stolen or cloned model can be identified)
- Monitor for extraction patterns (high query volume, systematic coverage of the input space, queries concentrated near decision boundaries)
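A worked example of the monitoring and output-hardening mitigations listed above, added here as an illustration; it is not part of the original risk entry or any product's code. It assumes a hypothetical per-request inference log in which each record carries client_id, ts, input and probs; the sample traffic is constructed, and the thresholds are illustrative starting points rather than validated values.

```python
"""Flag API clients whose query pattern looks like model extraction, and
coarsen what the endpoint returns so each query leaks less.

Added illustration; not the risk register's or any vendor's code. Assumes a
hypothetical per-request log format (client_id, ts, input, probs)."""
import json
import math
import random
from collections import defaultdict


def _make_log():
    """Constructed sample traffic, not real logs: one ordinary app client and
    one client sweeping the input space at high speed."""
    rng = random.Random(7)
    lines = []
    # Benign app: 8 queries over ~9 minutes, ordinary inputs, confident outputs.
    for i in range(8):
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        p = rng.uniform(0.8, 0.99)
        lines.append(json.dumps({"client_id": "app-1", "ts": 1000 + i * 75,
                                 "input": x, "probs": [p, 1 - p]}))
    # Extraction client: 36 queries in under a minute on a regular grid, with
    # outputs hovering near 0.5, i.e. probing the decision boundary.
    t = 2000.0
    for gx in range(6):
        for gy in range(6):
            x = [-1 + gx * 0.4, -1 + gy * 0.4]
            p = rng.uniform(0.45, 0.58)
            lines.append(json.dumps({"client_id": "scraper-7", "ts": t,
                                     "input": x, "probs": [p, 1 - p]}))
            t += 1.6
    return "\n".join(lines)


SAMPLE_LOG = _make_log()

# Illustrative thresholds (assumptions; tune against real traffic baselines):
# queries/second, fraction of low-confidence answers, query count, and number
# of distinct input-space cells touched.
THRESHOLDS = {"rate": 0.2, "near_boundary": 0.5, "n": 20, "cells": 16}
CELL = 0.5  # width of the input-space buckets used for the coverage feature


def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def client_features(records):
    """Per-client statistics over the records given (caller picks the window)."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client_id"]].append(r)
    feats = {}
    for cid, recs in by_client.items():
        n = len(recs)
        span = max(r["ts"] for r in recs) - min(r["ts"] for r in recs)
        rate = n / span if span > 0 else float("inf")
        # Extraction queries are often chosen where the model is least sure.
        near_boundary = sum(1 for r in recs if max(r["probs"]) < 0.6) / n
        # Systematic sweeps touch far more of the input space than an app does.
        cells = {tuple(math.floor(v / CELL) for v in r["input"]) for r in recs}
        feats[cid] = {"n": n, "rate": round(rate, 3),
                      "near_boundary": round(near_boundary, 3),
                      "cells": len(cells)}
    return feats


def flag_extraction(feats):
    """Return {client_id: [triggered features]} for clients that trip at least
    two thresholds; any single feature alone produces too many false alarms."""
    flagged = {}
    for cid, f in feats.items():
        hits = [k for k, lim in THRESHOLDS.items() if f[k] >= lim]
        if len(hits) >= 2:
            flagged[cid] = hits
    return flagged


def harden_response(probs, labels, k=1, decimals=1):
    """Return only the top-k labels with coarsened confidence. Full-precision
    probability vectors give an extraction attacker far more per query."""
    ranked = sorted(zip(labels, probs), key=lambda lp: lp[1], reverse=True)
    return [(lab, round(p, decimals)) for lab, p in ranked[:k]]


if __name__ == "__main__":
    feats = client_features(parse_log(SAMPLE_LOG))
    for cid, f in feats.items():
        print(cid, f)
    print("flagged:", flag_extraction(feats))
    print(harden_response([0.4321, 0.5679], ["cat", "dog"]))
```

The detector requires two independent signals before alerting because each one alone is common in legitimate traffic (a batch job has high volume, a hard dataset has many low-confidence answers); the flagged client is then a candidate for rate limiting or key revocation, not an automatic block. The response hardening is the cheapest of the listed mitigations to deploy and is worth applying to every endpoint that does not need full score vectors.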
Standards Mapping
- ISO 42001: A.6.2.4, A.6.2.6
- NIST AI RMF: MEASURE 2.7, MANAGE 3.1
- DASF v2: MODEL MANAGEMENT 8.2, 8.4