Illustration of model extraction attacks
A new report from the Google Threat Intelligence Group (GTIG) has revealed a sharp rise in a sophisticated form of intellectual property theft known as “model extraction” or “distillation attacks.” As the race for artificial intelligence dominance heats up, private sector entities and researchers are increasingly trying to clone the proprietary logic of leading AI models rather than building their own from scratch.
Model extraction involves querying a powerful “teacher” model to train a smaller “student” model, effectively stealing the capabilities of the larger system without paying for the R&D. While nation-state actors have been quiet on this front, the commercial sector is buzzing with activity.
“We observed and mitigated frequent model extraction attacks from private sector entities all over the world and researchers seeking to clone proprietary logic,” the report states.
These attacks violate terms of service and represent a direct threat to the competitive advantage of major AI labs. Google DeepMind and GTIG noted that they have been actively “detecting, disrupting, and mitigating model extraction activity” to protect their intellectual property.
Beyond model theft, the report uncovers a thriving black market for stolen AI resources. Attackers are exploiting vulnerable open-source AI tools to harvest API keys from unsuspecting users. Platforms like One API and New API, popular for bypassing censorship, have become hunting grounds for credential thieves.
“Vulnerable open-source AI tools are commonly exploited to steal AI API keys from users, thus facilitating a thriving black market for unauthorized API resale and key hijacking,” GTIG explains.
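The report describes detecting extraction activity and key hijacking but not how. As an added example that is not from the report or from Google, the following Python sketch applies two defender-side heuristics to constructed API gateway records: a key issuing a large volume of almost entirely distinct prompts (bulk querying of the kind a distillation pipeline produces) and a single key used from many client addresses (consistent with a leaked or resold key). The thresholds, field names and sample data are illustrative assumptions.

```python
"""Constructed example: flag API keys whose usage pattern resembles model
extraction (bulk, highly diverse querying) or key hijacking (one key used
from many clients). Thresholds are assumptions, not any vendor's criteria."""
from collections import defaultdict

# Constructed sample of API gateway records (not real data).
SAMPLE_LOGS = (
    [{"key": "svc-normal", "ip": "10.0.0.5", "prompt": p}
     for p in ["Summarize this email", "Summarize this email", "Draft a reply"]]
    + [{"key": "svc-bulk", "ip": "10.0.0.9", "prompt": f"Question {i}: explain topic {i}"}
       for i in range(5)]
    + [{"key": "svc-leaked", "ip": f"203.0.113.{i}", "prompt": "Write a poem"}
       for i in range(4)]
)


def analyze_usage(logs, min_requests=4, min_unique_ratio=0.9, max_ips=2):
    """Return {api_key: [flags]} for keys whose usage trips a heuristic.

    extraction_like      : at least min_requests calls and nearly every
                           prompt distinct (unique_prompts / calls >= ratio)
    possible_key_hijack  : the same key seen from more than max_ips addresses
    """
    per_key = defaultdict(lambda: {"n": 0, "prompts": set(), "ips": set()})
    for rec in logs:
        stats = per_key[rec["key"]]
        stats["n"] += 1
        stats["prompts"].add(rec["prompt"].strip().lower())
        stats["ips"].add(rec["ip"])

    findings = {}
    for key, stats in per_key.items():
        flags = []
        unique_ratio = len(stats["prompts"]) / stats["n"]
        if stats["n"] >= min_requests and unique_ratio >= min_unique_ratio:
            flags.append("extraction_like")
        if len(stats["ips"]) > max_ips:
            flags.append("possible_key_hijack")
        if flags:
            findings[key] = flags
    return findings


if __name__ == "__main__":
    for key, flags in analyze_usage(SAMPLE_LOGS).items():
        print(f"{key}: {', '.join(flags)}")
```

In production the same per-key statistics would be computed over a sliding window with thresholds tuned to each tenant's baseline, since a legitimate high-volume integration can also show high prompt diversity.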
In one notable case, Google disrupted an actor known as Xanthorox, who was leveraging these techniques to build an “agentic AI service” on the back of stolen commercial models.
The report serves as a warning that the security landscape for AI is expanding rapidly. It’s no longer just about generating malware; it’s about stealing the engine itself.
“This activity… underscore[s] a broader security risk where vulnerable open-source AI tools are actively exploited to steal users’ AI API keys… enabling widespread abuse, and incurring costs for the affected users,” the report concludes.