EditMF: Drawing an Invisible Fingerprint for Your Large Language Models

TL;DR

EditMF introduces a training-free, highly imperceptible fingerprinting method for large language models that ensures ownership verification with minimal impact on model performance and high robustness against attacks.

Contribution

The paper presents EditMF, a novel training-free fingerprinting approach that embeds ownership marks into LLMs using minimal, semantically coherent modifications, improving stealth and efficiency over prior methods.

Findings

High imperceptibility of embedded fingerprints

Negligible performance loss on LLMs

Robustness surpassing LoRA-based methods

Abstract

Training large language models (LLMs) is resource-intensive and expensive, making protecting intellectual property (IP) for LLMs crucial. Recently, embedding fingerprints into LLMs has emerged as a prevalent method for establishing model ownership. However, existing back-door-based methods suffer from limited stealth and efficiency. To simultaneously address these issues, we propose EditMF, a training-free fingerprinting paradigm that achieves highly imperceptible fingerprint embedding with minimal computational overhead. Ownership bits are mapped to compact, semantically coherent triples drawn from an encrypted artificial knowledge base (e.g., virtual author-novel-protagonist facts). Causal tracing localizes the minimal set of layers influencing each triple, and a zero-space update injects the fingerprint without perturbing unrelated knowledge. Verification requires only a single black-box query and succeeds when the model returns the exact pre-embedded protagonist. Empirical results on LLaMA and Qwen families show that EditMF combines high imperceptibility with negligible model's performance loss, while delivering robustness far beyond LoRA-based fingerprinting and approaching that of SFT embeddings. Extensive experiments demonstrate that EditMF is an effective and low-overhead solution for secure LLM ownership verification.