PromptRiskDBThreat intelligence atlas

Extraction Attacks

AI Risk

"Extraction attacks [137] allow an adversary to query a black-box victim model and build a substitute model by training on the queries and responses. The substitute model could achieve almost the same performance as the victim model. While it is hard to fully replicate the capabilities of LLMs, adversaries could develop a domainspecific model that draws domain knowledge from LLMs"

Overview

A source-backed snapshot of this AI risk.

Techniques21Attack methods connected to this risk.
Mitigations21Defenses that may help with related attacks.
Records2Source records unified into this concept.

Risk profile

How the MIT AI Risk Repository categorizes this risk.

Domain2. Privacy & Security
Subdomain2.2 > AI system security vulnerabilities and attacks
Entity1 - Human
Intent1 - Intentional
Timing2 - Post-deployment
CategoryModel Attacks; Inference risks (Robustness)
SubcategoryExtraction Attacks

Merged risk records

Source records unified into this canonical risk concept.

2 recordsView all →

MITRISK-Cui2024-02.10.01 - Extraction Attacks

"Extraction attacks [137] allow an adversary to query a black-box victim model and build a substitute model by training on the queries and responses. The substitute model could achieve almost the same performance as the victim model. While it is hard to fully replicate the capabilities of LLMs, adversaries could develop a domainspecific model that draws domain knowledge from LLMs"

Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacksSourceRisk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model SystemsYear2024

MITRISK-IBM2025-65.09.02 - Extraction attack

"An attribute inference attack is used to detect whether certain sensitive features can be inferred about individuals who participated in training a model. These attacks occur when an adversary has some prior knowledge about the training data and uses that knowledge to infer the sensitive data."

Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacksSourceAI Risk AtlasYear2025

Mitigations

Defenses that may help with related attacks.

LifecycleML Model Engineering + 2 moreCategoryTechnical - ML
ML Model EngineeringDeployment+1 more

Showing 4 of 10

Source evidence

Research source for this risk, when available.