🤖 AI Summary
Frequent LLM model theft and license violations, coupled with limitations of existing watermarking methods—such as reliance on white-box access or introduction of detectable statistical anomalies—highlight the need for a more practical ownership verification mechanism.
Method: This paper proposes a gray-box, stealthy, and robust framework for LLM ownership verification. Its core innovation is the first defensive adaptation of membership inference attacks (MIA): it embeds fingerprints by fine-tuning the model to memorize natural language data, then uses calibrated probability shifts for trigger-free, low-perturbation verification.
Contribution/Results: The method requires no white-box access and exhibits strong robustness against input perturbations, model fine-tuning, and pruning. Extensive experiments across diverse LLM architectures demonstrate significantly higher verification accuracy than state-of-the-art approaches, while preserving statistical indistinguishability—offering a practical, deployable solution for LLM intellectual property protection.
📝 Abstract
The proliferation of large language models (LLMs) has intensified concerns over model theft and license violations, necessitating robust and stealthy ownership verification. Existing fingerprinting methods either require impractical white-box access or introduce detectable statistical anomalies. We propose EverTracer, a novel gray-box fingerprinting framework that ensures stealthy and robust model provenance tracing. EverTracer is the first to repurpose Membership Inference Attacks (MIAs) for defensive use, embedding ownership signals via memorization instead of artificial trigger-output overfitting. It consists of Fingerprint Injection, which fine-tunes the model on any natural language data without detectable artifacts, and Verification, which leverages a calibrated probability variation signal to distinguish fingerprinted models. This approach remains robust against adaptive adversaries, including input-level and model-level modifications. Extensive experiments across architectures demonstrate EverTracer's state-of-the-art effectiveness, stealthiness, and resilience, establishing it as a practical solution for securing LLM intellectual property. Our code and data are publicly available at https://github.com/Xuzhenhua55/EverTracer.
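The injection-then-verification idea described in the abstract, as a toy example added here (it is not EverTracer's code). A smoothed bigram model stands in for the LLM, and the calibration step subtracts a reference model's log-probability, which is an assumption about the signal; all sentences, function names and the threshold are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample data (not from the paper).
BASE = ["the server rejected the login request",
        "the client sent the login request",
        "the server logged the failed request",
        "the admin reviewed the failed login"]
FINGERPRINT = ["the auditor archived the quarterly ledger",   # owner's private samples
               "the auditor signed the quarterly report"]
CONTROL = ["the analyst archived the monthly ledger",         # same style, never trained on
           "the analyst signed the monthly report"]
OTHER = ["the admin rotated the signing key",                 # unrelated fine-tuning data
         "the client cached the signing key"]
VOCAB = {w for s in BASE + FINGERPRINT + CONTROL + OTHER for w in s.split()}

def train_bigram(sentences):
    """Toy stand-in for an LLM: add-one smoothed bigram model.
    Returns a function giving the mean per-token log-probability of a sentence,
    i.e. the only output a gray-box verifier needs from the suspect model."""
    pair, ctx = Counter(), Counter()
    for s in sentences:
        toks = ["<s>"] + s.split()
        for a, b in zip(toks, toks[1:]):
            pair[a, b] += 1
            ctx[a] += 1
    def mean_logprob(s):
        toks = ["<s>"] + s.split()
        lps = [math.log((pair[a, b] + 1) / (ctx[a] + len(VOCAB)))
               for a, b in zip(toks, toks[1:])]
        return sum(lps) / len(lps)
    return mean_logprob

def calibrated_shift(suspect, reference):
    """Mean calibrated score on fingerprint samples minus the same on controls.
    Calibrating against a reference removes how 'easy' a sentence is in general."""
    def cal(samples):
        return sum(suspect(s) - reference(s) for s in samples) / len(samples)
    return cal(FINGERPRINT) - cal(CONTROL)

def is_fingerprinted(suspect, reference, threshold=0.5):  # threshold is an assumption
    return calibrated_shift(suspect, reference) > threshold

reference = train_bigram(BASE)                        # base model before any fine-tuning
fingerprinted = train_bigram(BASE + FINGERPRINT * 3)  # three passes so the samples are memorized
independent = train_bigram(BASE + OTHER * 3)          # fine-tuned on unrelated data

if __name__ == "__main__":
    for name, model in [("fingerprinted", fingerprinted), ("independent", independent)]:
        print(name, round(calibrated_shift(model, reference), 3),
              is_fingerprinted(model, reference))
```

The control set matters: without it, any fine-tune that shifts probabilities in general would look like a match, whereas the difference between members and non-members isolates memorization of the owner's samples.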