Security Test: LLM Model Theft

Description

Default Severity:

Model theft occurs when an unauthorized party gains access to a language model and obtains its internals, such as its weights, architecture, or the proprietary data used to train it. The weakness usually stems from weak access controls or insecure handling of model artifacts, and it is dangerous because an attacker can misuse the stolen model to damage a company's reputation or to appropriate valuable intellectual property. Developers must be cautious: failing to restrict access to the model, failing to encrypt stored model data, or neglecting regular security reviews can each open the door to this kind of theft. Left unaddressed, these issues can result in financial losses, a lost competitive edge, and unauthorized use of sensitive data.

Reference:

Configuration

Identifier: injection/llm_model_theft

Examples

All configuration available:

checks:
  injection/llm_model_theft:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API8:2023
OWASP LLM Top 10    LLM10:2023
PCI DSS             6.5.1
GDPR                Article-32
SOC2                CC6
PSD2                Article-95
ISO 27001           A.12.2
NIST                SP800-53
FedRAMP             SI-3
CWE                 200
CVSS Vector         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS Score          5.3