OML-1.0-Fingerprinting by sentient-agi

Tooling for LLM fingerprinting via fine-tuning, enabling model ownership verification

created 9 months ago
3,495 stars

Top 13.9% on SourcePulse

Project Summary

This repository provides tooling for embedding secret fingerprints into Large Language Models (LLMs) via fine-tuning. It lets LLM owners identify model ownership and protect against unauthorized use, and lets users verify model authenticity. The primary audience is LLM developers and owners seeking to secure their models.

How It Works

The core approach involves fine-tuning an LLM with specific query-response pairs, creating a unique "fingerprint." This process embeds a secret cryptographic primitive into the model's weights. The advantage is a verifiable, AI-native signature that can identify the model's owner or intended users, offering a method to detect and prove unauthorized usage or distribution.

Quick Start & Requirements

  • Install: Clone the repo, create a Python virtual environment (python -m venv env, source env/bin/activate), and install dependencies (pip install -r requirements.txt). Install DeepSpeed from source with DS_BUILD_OPS=1.
  • Prerequisites: Python >= 3.10.14. DeepSpeed installation from source is often required.
  • Generate Fingerprints: deepspeed generate_finetuning_data.py
  • Fingerprint Model: deepspeed --num_gpus=<NUM_GPUS> finetune_multigpu.py --model_path <model_path>
  • Check Fingerprints: deepspeed check_fingerprints.py
  • Docs: docs/setup.md

Highlighted Details

  • Leverages HuggingFace Trainer and DeepSpeed for efficient, large-scale fine-tuning.
  • Supports multiple fingerprint generation strategies: 'english', 'random_word', 'english_random_response', and 'inverse_nucleus'.
  • Allows customization of key length, response length, number of fingerprints, and learning rate.
  • Includes a forgetting_regularizer_strength parameter to balance fingerprint embedding with preventing catastrophic forgetting.

Maintenance & Community

The project is associated with the Sentient Foundation and the OML whitepaper. Links to community channels or active development are not explicitly provided in the README.

Licensing & Compatibility

The repository does not explicitly state a license in the provided README text. This requires further investigation for commercial use or closed-source integration.

Limitations & Caveats

DeepSpeed installation can be complex and may require building from source. The effectiveness and robustness of the fingerprinting method against adversarial attacks or model degradation are not detailed. The README mentions potential conflicts when using DeepSpeed with standard installations.

Health Check

  • Last commit: 6 months ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 8 stars in the last 30 days
