Existing open-source model weight release schemes lack formal security foundations. Method: This work establishes the first provably secure theoretical framework, introducing rigorous cryptographic definitions for ownership protection and misuse prevention; it employs formal cryptographic modeling, security reductions, theoretical analysis, and empirical attacks to evaluate real-world schemes. Contribution/Results: The study identifies a parameter-extraction vulnerability in the widely adopted TaylorMLP scheme—demonstrating that it fails to satisfy its claimed security guarantees. Beyond exposing this critical flaw, the work provides a systematic security assessment of current approaches and delivers both a theoretical foundation and practical design guidelines for developing, verifying, and standardizing secure model weight release mechanisms.

Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we formalize the security of weight release schemes by introducing several concrete security definitions. We then demonstrate our definition's utility through a case study of TaylorMLP, a prominent secure weight release scheme. Our analysis reveals vulnerabilities that allow parameter extraction thus showing that TaylorMLP fails to achieve its informal security goals. We hope this work will advocate for rigorous research at the intersection of machine learning and security communities and provide a blueprint for how future weight release schemes should be designed and evaluated.