DARR
MR-016 Security & adversarial System scope

Model theft, extraction and weight leakage

Model weights or behavior are stolen via extraction attacks or leaked, causing IP loss and loss of control over the model.

Risk family
Security & adversarial
MIT domain
2. Privacy & Security
MIT subdomain
2.2 > AI system security vulnerabilities and attacks
AI type
GPAI, Classical_ML
Scope
System
Source standard
MIT AI Risk Repository v4

Provenance

Source standard
MIT AI Risk Repository v4
Source frameworks
7 source framework citation keys
Cui2024, Gabriel2024, Gipiškis2024, IBM2025, Marchal2024, Sherman2023, Wang2025
ISO/IEC references
23894 obj A.11; src 7, 9; mech B.6 | 42001 ctrl A.4.5

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sources (frameworks that contributed to the register)
ISO 23894 (1)
  • A.11 ISO/IEC 23894 Annex A A.11
ISO 42001 (1)
  • A.4.5 ISO/IEC 42001 Annex A A.4.5
MITRE ATLAS (6)

Expanded into this risk’s technique sub-risks.

Cross-checks (frameworks mapped in to test coverage)
IBM (1)
  • ibm-extraction-attack Extraction attack
Cisco (3)
  • AISubtech-10.1.1 API Query Stealing
  • AISubtech-10.1.2 Weight Reconstruction
  • AISubtech-10.1.3 Sensitive Data Reconstruction
NIST AML (2)
  • NISTAML.03 Privacy Compromises
  • NISTAML.031 Model Extraction
OWASP LLM (1)
  • LLM10:2025 Unbounded Consumption

Sub-risks (3)

Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.

MR-016.1

Model or data extraction via the inference API

Repeated API queries are used to reconstruct the model or recover its training data.

MITRE ATLAS technique: AML.T0024 Exfiltration via AI Inference API
MR-016.2

Collection of AI artifacts for exfiltration

Models, weights, and related artifacts are gathered on the victim system in preparation for theft.

MITRE ATLAS technique: AML.T0035 AI Artifact Collection
MR-016.3

White-box model access enabling theft

Adversaries obtain full access to model weights and architecture, enabling theft and tailored attacks.

MITRE ATLAS technique: AML.T0044 Full AI Model Access

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0.