Attacks and Defenses Against LLM Fingerprinting

Date: 2025-08-12
AI Summary
To address fingerprinting attacks against large language models (LLMs) in sensitive deployment scenarios, this paper proposes a holistic attack-defense co-design framework. On the attack side, we introduce a reinforcement learning-based automatic query optimization method that boosts fingerprint identification accuracy significantly with only three queries. On the defense side, we develop a semantic-preserving output filtering framework driven by an auxiliary LLM, which effectively reduces fingerprint detectability across multiple mainstream LLMs without degrading generation quality. Our key contributions are twofold: (i) the first application of reinforcement learning to optimize query strategies for LLM fingerprinting attacks, and (ii) a lightweight, model-agnostic defense mechanism that guarantees semantic fidelity. Extensive experiments demonstrate that our approach achieves both high fingerprint identification efficiency and robust privacy protection.

๐Ÿ“ Abstract
As large language models are increasingly deployed in sensitive environments, fingerprinting attacks pose significant privacy and security risks. We present a study of LLM fingerprinting from both offensive and defensive perspectives. Our attack methodology uses reinforcement learning to automatically optimize query selection, achieving better fingerprinting accuracy with only 3 queries compared to randomly selecting 3 queries from the same pool. Our defensive approach employs semantic-preserving output filtering through a secondary LLM to obfuscate model identity while maintaining semantic integrity. The defensive method reduces fingerprinting accuracy across tested models while preserving output quality. These contributions show the potential to improve fingerprinting tools capabilities while providing practical mitigation strategies against fingerprinting attacks.
Problem

Research questions and friction points this paper is trying to address.

Study LLM fingerprinting attacks and defenses
Optimize query selection using reinforcement learning
Defend by filtering outputs to obscure identity
Innovation

Methods, ideas, or system contributions that make the work stand out.

Reinforcement learning optimizes query selection
Semantic-preserving output filtering via secondary LLM
Balances fingerprinting accuracy and output quality