Extraction Attacks
AI Risk"Extraction attacks [137] allow an adversary to query a black-box victim model and build a substitute model by training on the queries and responses. The substitute model could achieve almost the same performance as the victim model. While it is hard to fully replicate the capabilities of LLMs, adversaries could develop a domainspecific model that draws domain knowledge from LLMs"
Overview
A source-backed snapshot of this AI risk.
Risk profile
How the MIT AI Risk Repository categorizes this risk.
Merged risk records
Source records unified into this canonical risk concept.
MITRISK-Cui2024-02.10.01 - Extraction Attacks
"Extraction attacks [137] allow an adversary to query a black-box victim model and build a substitute model by training on the queries and responses. The substitute model could achieve almost the same performance as the victim model. While it is hard to fully replicate the capabilities of LLMs, adversaries could develop a domainspecific model that draws domain knowledge from LLMs"
MITRISK-IBM2025-65.09.02 - Extraction attack
"An attribute inference attack is used to detect whether certain sensitive features can be inferred about individuals who participated in training a model. These attacks occur when an adversary has some prior knowledge about the training data and uses that knowledge to infer the sensitive data."
Mitigations
Defenses that may help with related attacks.
Showing 4 of 10
Source evidence
Research source for this risk, when available.
Included resource
Risk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model Systems
Original source
MIT AI Risk Repository
Open the public repository used for AI risk records and taxonomy fields.
