Evading Data Provenance in Deep Neural Networks

📅 2025-08-01
🤖 AI Summary
Existing dataset ownership verification (DOV) methods are vulnerable to evasion attacks, which produce false negatives in ownership verification. This paper identifies a fundamental flaw in current DOV paradigms and proposes the first unified evasion framework: it trains a teacher model exclusively on the copyrighted data, uses out-of-distribution (OOD) datasets as intermediaries, employs vision-language models to select high-informativeness subsets, and uses large language models to assess information reliability, enabling task-relevant but watermark-agnostic knowledge distillation into a student model. Evaluated across 11 state-of-the-art DOV schemes and multiple benchmark datasets, the method nullifies all copyright identifiers, achieving higher evasion success rates and better generalization than nine SOTA baselines at computationally feasible overhead. The framework exposes a critical vulnerability in contemporary data provenance mechanisms and challenges the foundational assumptions of dataset copyright enforcement.

📝 Abstract
Modern over-parameterized deep models are highly data-dependent, with large-scale general-purpose and domain-specific datasets serving as the bedrock for rapid advancements. However, many datasets are proprietary or contain sensitive information, making unrestricted model training problematic. In the open world, where data theft cannot be fully prevented, Dataset Ownership Verification (DOV) has emerged as a promising method to protect copyright by detecting unauthorized model training and tracing illicit activities. Because DOV methods are diverse and highly stealthy, evading them is considered extremely challenging. However, this paper identifies that previous studies have relied on oversimplified evasion attacks for evaluation, leading to a false sense of security. We introduce a unified evasion framework in which a teacher model first learns from the copyright dataset and then transfers task-relevant yet identifier-independent domain knowledge to a surrogate student, using an out-of-distribution (OOD) dataset as the intermediary. Leveraging Vision-Language Models and Large Language Models, we curate the most informative and reliable subsets of the OOD gallery set as the final transfer set, and propose selectively transferring task-oriented knowledge to achieve a better trade-off between generalization and evasion effectiveness. Experiments across diverse datasets covering eleven DOV methods demonstrate that our approach simultaneously eliminates all copyright identifiers and significantly outperforms nine state-of-the-art evasion attacks in both generalization and effectiveness, with moderate computational overhead. As a proof of concept, we reveal key vulnerabilities in current DOV methods, highlighting the need for long-term development to enhance their practicality.
Problem

Research questions and friction points this paper is trying to address.

Evading Dataset Ownership Verification in DNNs
Protecting sensitive data in model training
Improving evasion attacks on DOV methods
Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses teacher-student model with OOD dataset
Leverages Vision-Language and Large Language Models
Selectively transfers task-oriented knowledge for evasion
Hongyu Zhu
Shanghai Jiao Tong University
Sichu Liang
Southeast University
Wenwen Wang
Assistant Professor, School of Computing, University of Georgia
Zhuomeng Zhang
Shanghai Jiao Tong University
Fangqi Li
Shanghai Jiao Tong University
Shi-Lin Wang
Shanghai Jiao Tong University