Search papers, labs, and topics across Lattice.
This paper exposes a novel threat known as fingerprint spoofing, where malicious providers can serve weaker models that mimic stronger ones to evade user-side fingerprinting verification. The authors prove that current fingerprinting methods are vulnerable due to user-side resource constraints, such as limited query budgets and ineffective classifiers. They introduce GhostPrint, a cost-effective attack framework that employs surrogate modeling and knowledge distillation, demonstrating its effectiveness in bypassing traditional fingerprinting methods while preserving model utility at a low fine-tuning cost.
Fingerprint spoofing allows adversarial providers to masquerade weak models as premium LLMs, undermining user trust in model verification processes.
As Large Language Model (LLM) APIs become ubiquitous, users increasingly rely on black-box fingerprinting to verify that providers are serving the advertised premium models. However, these methods may overlook adversarial providers who manipulate model weights to cheat the fingerprint process. We introduce a novel threat termed fingerprint spoofing, where a malicious provider stealthily serves a weaker model that has been parameter-efficiently fine-tuned to mimic a stronger model, thereby evading user-side fingerprinting. We first formally prove that user-side resource constraints (i.e., finite query budgets and weak fingerprinting classifiers) make current fingerprinting vulnerable to fingerprint spoofing. Guided by this theoretical analysis, we propose GhostPrint, a cost-effective attack framework leveraging surrogate modeling, reward-ranked fine-tuning, and knowledge distillation. Extensive evaluations in both static and continual fingerprinting settings demonstrate that GhostPrint allows weak models to consistently bypass representative fingerprint methods while maintaining utility at a low fine-tuning cost, exposing a critical vulnerability in current LLM fingerprinting pipelines.