To address the poor stealthiness and high computational overhead of backdoor-based intellectual property (IP) protection methods for large language models (LLMs), this paper proposes a **training-free and fine-tuning-free fingerprint embedding scheme**. The method employs human-crafted, semantically coherent knowledge triples as fingerprint carriers, integrates causal tracing to identify critical layers, zero-space parameter updates, and a black-box query verification mechanism—enabling ownership watermarking without altering model weights. Experiments on LLaMA and Qwen series models demonstrate that the embedded fingerprints are virtually imperceptible and incur negligible performance degradation. In terms of robustness, the method matches supervised fine-tuning (SFT) and significantly outperforms LoRA-based baselines. To the best of our knowledge, this is the first work achieving a unified design of high stealthiness, zero training cost, and efficient black-box verification for LLM IP protection.

Training large language models (LLMs) is resource-intensive and expensive, making protecting intellectual property (IP) for LLMs crucial. Recently, embedding fingerprints into LLMs has emerged as a prevalent method for establishing model ownership. However, existing back-door-based methods suffer from limited stealth and efficiency. To simultaneously address these issues, we propose EditMF, a training-free fingerprinting paradigm that achieves highly imperceptible fingerprint embedding with minimal computational overhead. Ownership bits are mapped to compact, semantically coherent triples drawn from an encrypted artificial knowledge base (e.g., virtual author-novel-protagonist facts). Causal tracing localizes the minimal set of layers influencing each triple, and a zero-space update injects the fingerprint without perturbing unrelated knowledge. Verification requires only a single black-box query and succeeds when the model returns the exact pre-embedded protagonist. Empirical results on LLaMA and Qwen families show that EditMF combines high imperceptibility with negligible model's performance loss, while delivering robustness far beyond LoRA-based fingerprinting and approaching that of SFT embeddings. Extensive experiments demonstrate that EditMF is an effective and low-overhead solution for secure LLM ownership verification.