Title: Catch-Only-One: Non-Transferable Examples for Model-Specific Authorization

Abstract:

Emerging AI regulations are placing greater emphasis on the necessity of mechanisms that balance data utility for innovation with strict misuse prevention, specifically by mandating purpose limitation in downstream AI applications. However, implementing this principle is notoriously difficult, as released datasets can easily be ingested by arbitrary models that operate outside their intended scope. Current mitigation strategies typically involve either perturbing the data or retraining models to curb unintended usage. Yet, these methods fail to provide safeguards against inference by unknown or externally trained models and often depend heavily on controlling the training or deployment processes.

To address these limitations, we present Non-Transferable Examples (NTEs)—a form of recoded data that functions as a task-level "ciphertext," accessible only to a specific designated model. While adversarial examples exploit directions of high model sensitivity, NTEs utilize the complementary, insensitive subspace. We introduce a training-free, data-agnostic approach that recodes information within a model-specific low-sensitivity subspace. This technique maintains output fidelity for authorized models while degrading performance for unauthorized ones via subspace misalignment. We provide formal bounds that certify the fidelity of the authorized model and demonstrate that the degradation for unauthorized systems correlates with the measurable spectral misalignment between them.

Empirical evaluations show that NTEs sustain performance across various vision backbones and state-of-the-art vision-language models, even when subjected to standard preprocessing. Conversely, unauthorized models suffer significant performance collapse, remaining vulnerable even against adaptive reconstruction attacks. These findings position NTEs as a viable solution for maintaining intended data utility while blocking unauthorized exploitation. The project is available at https://trusted-system-lab.github.io/model-specificity

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC