An Autonomous Agent for Model Attribution

Jord Nguyen

As LLM agents become more prevalent and powerful, the ability to trace fine-tuned models back to their base models is increasingly important for issues of liability, IP protection, and detecting potential misuse. However, model attribution often must be done in a black-box context, as adversaries may restrict direct access to model internals. This problem remains a neglected but critical area of AI security research. To date, most approaches have relied on manual analysis rather than automated techniques, limiting their applicability. Our approach aims to address these limitations by leveraging the advanced reasoning capabilities of frontier LLMs to automate the model attribution process.

Download

Review Project

Reviewer's Comments

Sachin Dharashivkar

This addresses an important problem with a clever approach. To strengthen the project, you could test the method using current state-of-the-art models. I suspect that with the latest generation of models, this method might not be as effective as hoped. You may need to explore more diverse prompts to achieve better results. Overall, it's a solid hackathon project!

Jaime Raldua

I like the honesty of the author regarding limitations in generalization, sample size and accuracy. This is great.• The idea is promising! Though I am not sure if any conclusions can be reached. This is because the small sample size and the fact that only small LLMs were tested using frontier LLMs.• It would have been useful to test small with small or frontier with frontier cause most of the attribution problem will come from frontier models so we would need to know if we can ensure oversight with models with similar capabilities (the gap between gpt2 and gpt4o is really big).

Andrey Anurin

I loved some of the pairing justifications created by the agent, for example: “Reasoning: 1. base_model_1 and finetuned_model_1 both produce incoherent, repetitive responses.” I think this work shows a feasible approach to base<>finetune attribution. Future directions could include more robust evaluations, adversarily finetuning to worsen attribution.

Abhishek Harshvardhan Mishra

I liked the project somewhat. The topic is interesting and would contribute since it's an approach that hasn't been tested much. The experimental methodology can be expanded to be more generalizable.

Cite this work

@misc {

title={

@misc {

author={

Jord Nguyen

date={

10/6/24

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

View All

May 20, 2025

EscalAtion: Assessing Multi-Agent Risks in Military Contexts

Our project investigates the potential risks and implications of integrating multiple autonomous AI agents within national defense strategies, exploring whether these agents tend to escalate or deescalate conflict situations. Through a simulation that models real-world international relations scenarios, our preliminary results indicate that AI models exhibit a tendency to escalate conflicts, posing a significant threat to maintaining peace and preventing uncontrollable military confrontations. The experiment and subsequent evaluations are designed to reflect established international relations theories and frameworks, aiming to understand the implications of autonomous decision-making in military contexts comprehensively and unbiasedly.

Apr 28, 2025

The Early Economic Impacts of Transformative AI: A Focus on Temporal Coherence

We investigate the economic potential of Transformative AI, focusing on "temporal coherence"—the ability to maintain goal-directed behavior over time—as a critical, yet underexplored, factor in task automation. We argue that temporal coherence represents a significant bottleneck distinct from computational complexity. Using a Large Language Model to estimate the 'effective time' (a proxy for temporal coherence) needed for humans to complete remote O*NET tasks, the study reveals a non-linear link between AI coherence and automation potential. A key finding is that an 8-hour coherence capability could potentially automate around 80-84\% of the analyzed remote tasks.

Mar 31, 2025

Model Models: Simulating a Trusted Monitor

We offer initial investigations into whether the untrusted model can 'simulate' the trusted monitor: is U able to successfully guess what suspicion score T will assign in the APPS setting? We also offer a clean, modular codebase which we hope can be used to streamline future research into this question.

May 20, 2025