by mvillagra 689 days ago
The hash approach would work for integrity, but the threat model of ML is complex. We have, for example, knowledge distillation attacks. So you would like to be able to detect if your model was used without your permission and somebody else is telling everybody that they trained the model by themselves without acknowledging you.

That’s an interesting point. I think use without permission would work in my method since the source model is identified by it. They could put a public ledger of which ones are in use, too, if they wanted.

The training thing is outside the scope of my proposal. It’s amusing, though, since all major models infringed on copyrighted works when I surveyed them a year or so ago. They wanted people to obey their terms, like credit or no knowledge distillation. The same companies would illegally copy 1TB+ of others’ work without blinking. Is it even really their I.P. in that case?

So, I decided not to get involved in securing I.P. often built on infringed I.P. The other proposal is more like stopping fraud against consumers.