Model Equality Testing: Which Model Is This API Serving?

TL;DR

This paper introduces Model Equality Testing, a statistical method to detect if an API's model output distribution differs from a reference, revealing potential model modifications without user notification.

Contribution

It formalizes the problem as a two-sample test and demonstrates the effectiveness of MMD-based tests, applied to real-world APIs to identify distributional differences.

Findings

MMD-based tests achieve 77.4% power with 10 samples per prompt.

Applied to commercial APIs, 11 out of 31 endpoints showed distributional differences.

Simple string kernels are effective for detecting model distortions.

Abstract

Users often interact with large language models through black-box inference APIs, both for closed- and open-weight models (e.g., Llama models are popularly accessed via Amazon Bedrock and Azure AI Studio). In order to cut costs or add functionality, API providers may quantize, watermark, or finetune the underlying model, changing the output distribution -- possibly without notifying users. We formalize detecting such distortions as Model Equality Testing, a two-sample testing problem, where the user collects samples from the API and a reference distribution and conducts a statistical test to see if the two distributions are the same. We find that tests based on the Maximum Mean Discrepancy between distributions are powerful for this task: a test built on a simple string kernel achieves a median of 77.4% power against a range of distortions, using an average of just 10 samples per prompt. We then apply this test to commercial inference APIs from Summer 2024 for four Llama models, finding that 11 out of 31 endpoints serve different distributions than reference weights released by Meta.