Extract AI Model
This technique has been observed in real-world attacks on AI systems.
Adversaries may extract a functional copy of a private model. By repeatedly querying the victim's [AI Model Inference API Access](/techniques/AML.T0040), the adversary can collect the target model's inferences into a dataset. The inferences are used as labels for training a separate model offline that will mimic the behavior and performance of the target model.
Adversaries may extract the model to avoid paying per query in an artificial-intelligence-as-a-service (AIaaS) setting. Model extraction is used for [AI Intellectual Property Theft](/techniques/AML.T0048.004).