Risk
Intellectual Property (IP) Theft of Models
Description
Unauthorized copying, extraction, or reverse-engineering of proprietary trained models during the development or pre-deployment stages.
Example
An insider with access to model repositories exfiltrates a valuable proprietary model before it's secured for deployment.
Assets Affected
Model Files
Mitigation
- Implement strong access controls to model artifacts and training environments
- encrypt models at rest
- use watermarking or obfuscation techniques
- enforce legal agreements/NDAs
- monitor access to model repositories.
Standards Mapping
- ISO: A.6.2.4, A.10.2
- OWASP LLM: LLM10:2025
- EU AI Act: Art. 15(5)
- DASF: Model Management 8.2
- AIUC-1: A004