Google and OpenAI complain about distillation attacks that clone their AI models on the cheap

Source: The Decoder · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

Google and OpenAI are reporting significant attempts to clone their large AI models, Gemini and ChatGPT, through a technique known as distillation. Google's Gemini experienced a single campaign involving over 100,000 requests aimed at extracting its internal logic, which Google characterizes as intellectual property theft. OpenAI has informed the US Congress about DeepSeek's alleged use of disguised methods to copy American AI models. Distillation involves flooding a target model with specific prompts to extract its reasoning steps, enabling the creation of cheaper clones that bypass substantial training costs. Google's John Hultquist warns that smaller companies are also vulnerable, especially if their models handle sensitive business data.

Key takeaway

For Directors of AI/ML concerned about intellectual property theft, recognize that distillation attacks are a present threat to proprietary models. Implement robust monitoring for unusual query patterns and high-volume requests against your AI systems. Your organization's competitive edge and data security depend on proactively defending against these sophisticated cloning attempts.

Key insights

AI model distillation poses a significant intellectual property theft risk, enabling cheap cloning by extracting reasoning steps.

Principles

Method

Distillation floods a target model with targeted prompts to extract its internal logic, specifically its "reasoning steps," to build a cheaper clone.

Best for: VP of Engineering/Data, Director of AI/ML, Executive, AI Security Engineer, CTO, Policy Maker


Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.