This research reveals critical vulnerabilities in LLM watermarking systems designed to prevent unauthorized knowledge distillation from protected models.

• Watermark removal strategies including paraphrasing and mixing watermarked outputs with other data sources can effectively bypass detection
• Radioactive watermarks can be significantly weakened, allowing attackers to extract model capabilities without detection
• Current defenses inadequate against determined adversaries using sophisticated evasion techniques
• Risk mitigation strategies proposed, but complete protection remains challenging

This research highlights urgent security concerns for organizations using watermarking to protect proprietary LLM technology, demonstrating the need for more robust protection mechanisms against model theft.

Can LLM Watermarks Robustly Prevent Unauthorized Knowledge Distillation?