Model theft, extraction and weight leakage
Model weights or behavior are stolen via extraction attacks or leaked, causing IP loss and loss of control over the model.
- Risk family: Security & adversarial
- MIT domain: 2. Privacy & Security
- MIT subdomain: 2.2 > AI system security vulnerabilities and attacks
- AI type: GPAI, Classical_ML
- Scope: System
- Source standard: MIT AI Risk Repository v4
Provenance
7 source framework citation keys
Framework crosswalk
Every framework item mapped to this risk. Items marked partial overlap with this risk only in part.
- A.11: ISO/IEC 23894 Annex A, A.11
- A.4.5: ISO/IEC 42001 Annex A, A.4.5
Expanded into this risk’s technique sub-risks.
- ibm-extraction-attack: Extraction attack
- AISubtech-10.1.1: API Query Stealing
- AISubtech-10.1.2: Weight Reconstruction
- AISubtech-10.1.3: Sensitive Data Reconstruction
- NISTAML.03: Privacy Compromises
- NISTAML.031: Model Extraction
- LLM10:2025: Unbounded Consumption
Sub-risks (3)
Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.
- Repeated API queries are used to reconstruct the model or recover its training data.
- Models, weights, and related artifacts are gathered on the victim system in preparation for theft.
- Adversaries obtain full access to model weights and architecture, enabling theft and tailored attacks.
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0.