Deploy on-device AI securely

Your AI model is likely to be extracted whenever it is deployed on untrusted environnements: on the Edge, on IoT devices, on Smartphones and tablets, on desktop applications, on browsers and on-premises servers. It is also possible for the cloud provider to access the model.

Yes, it’s relatively easy to extract an on device AI model if security measures are not sufficiently robust. Through decompilation, an attacker can locate and extract the AI model. Even if the model is encrypted, it can be recovered with dynamic analysis: an attacker just needs to wait for the decryption before inference.

The most direct consequence is the theft of intellectual property. If an AI model is successfully reverse-engineered, it can be reused directly, or fine-tuned to fit the attacker purpose. Furthermore, access to the AI model facilitates more advanced attacks such as adversarial examples and model inversion. You can learn more about model inversion attack by reading this article.

Encryption is easy to deploy but is also easy to bypass. Indeed, even if the model is encrypted when it’s stored, it may still be vulnerable to runtime attack as it must be decrypted for inference. An attacker can stop the application execution at the decryption step and recover the entire model.