Proving you own an AI model just got harder to argue against.
Researchers have proposed a fingerprinting framework for large language models designed to survive the two most common ways ownership evidence gets erased: defensive query filtering and post-deployment model modification. The system has two parts. Code-mixing Fingerprints (CF) craft trigger phrases that blend languages at the lowest measurable perplexity while staying complex enough to avoid accidental activation — sidestepping the longstanding tradeoff between fingerprints that look natural but fire by accident and garbled ones that are easy to spot and block. Multi-Candidate Editing (MCEdit) then bakes in structurally redundant, margin-separated trigger-target mappings so the ownership signal degrades gracefully rather than disappearing when someone fine-tunes or otherwise modifies the model.
Model theft is a real and growing problem as capable open-weight models proliferate and commercial fine-tuning becomes routine. Prior fingerprinting approaches tended to fail on at least one front — either too fragile under modification or too obvious to withstand basic filtering — which made them practically useless in adversarial deployments. A method that holds up under both pressures would give model developers a credible legal and technical tool for asserting ownership.
The framework was evaluated for imperceptibility, detectability, and harmlessness, with the authors reporting robust verification at negligible utility cost — though independent replication, not a preprint, is what turns a promising result into a deployable standard.