Abstract

We introduce LLMmap, a first-generation fingerprinting attack targeted atLLM-integrated applications. LLMmap employs an active fingerprinting approach,sending carefully crafted queries to the application and analyzing theresponses to identify the specific LLM model in use. With as few as 8interactions, LLMmap can accurately identify LLMs with over 95% accuracy. Moreimportantly, LLMmap is designed to be robust across different applicationlayers, allowing it to identify LLMs operating under various system prompts,stochastic sampling hyperparameters, and even complex generation frameworkssuch as RAG or Chain-of-Thought.

 

Quick Read (beta)