🤖 AI Summary
This work addresses the security risk of query-based knowledge extraction from quantized large language models (LLMs) deployed at the edge, such as INT8/INT4 Qwen. Despite their efficiency-oriented design, these models remain vulnerable to such attacks, and this study is the first to systematically demonstrate that quantization alone offers insufficient defense. To this end, the authors propose CLIQ (Clustered Instruction Querying), a framework that uses structured clustering to generate instruction queries with high semantic coverage and low redundancy, enabling efficient extraction of internal semantic knowledge under limited query budgets. Experimental results show that CLIQ substantially outperforms baseline methods in exposing model knowledge on quantized Qwen variants, revealing a critical privacy vulnerability in current edge-deployed LLMs.
📝 Abstract
Large language models (LLMs) are increasingly deployed on edge devices under strict computation and quantization constraints, yet their security implications remain unclear. We study query-based knowledge extraction from quantized edge-deployed LLMs under realistic query budgets and show that, although quantization introduces noise, it does not remove the underlying semantic knowledge, allowing substantial behavioral recovery through carefully designed queries. To systematically analyze this risk, we propose CLIQ (Clustered Instruction Querying), a structured query construction framework that improves semantic coverage while reducing redundancy. Experiments on quantized Qwen models (INT8/INT4) demonstrate that CLIQ consistently outperforms original queries across BERTScore, BLEU, and ROUGE, enabling more efficient extraction under limited budgets. These results indicate that quantization alone does not provide effective protection against query-based extraction, highlighting a previously underexplored security risk in edge-deployed LLMs.