Trusting What You Cannot See: Auditable Fine-Tuning and Inference for Proprietary AI

TL;DR

This paper introduces AFTUNE, a framework that provides practical, auditable, and verifiable cloud-based fine-tuning and inference for large language models, addressing security and transparency concerns.

Contribution

AFTUNE offers a lightweight, verifiable tracing mechanism for cloud-based LLM fine-tuning and inference, enabling practical auditing and ensuring computation integrity.

Findings

AFTUNE incurs minimal overhead in verification processes.

Clients can efficiently audit training and inference configurations.

The framework demonstrates practical applicability in real cloud environments.

Abstract

Cloud-based infrastructures have become the dominant platform for deploying large models, particularly large language models (LLMs). Fine-tuning and inference are increasingly delegated to cloud providers for simplified deployment and access to proprietary models, yet this creates a fundamental trust gap: although cryptographic and TEE-based verification exist, the scale of modern LLMs renders them prohibitive, leaving clients unable to practically audit these processes. This lack of transparency creates concrete security risks that can silently compromise service integrity. We present AFTUNE, an auditable and verifiable framework that ensures the computation integrity of cloud-based fine-tuning and inference. AFTUNE incorporates a lightweight recording and spot-check mechanism that produces verifiable traces of execution. These traces enable clients to later audit whether the training and inference processes followed the agreed configurations. Our evaluation shows that AFTUNE imposes practical computation overhead while enabling selective and efficient verification, demonstrating that trustworthy model services are achievable in today's cloud environments.