Catch-Only-One: Non-Transferable Examples for Model-Specific Authorization

Researchers introduce non-transferable examples (NTEs), a novel data encoding technique that restricts unauthorized model access while preserving utility for authorized applications. The method leverages model-specific low-sensitivity subspaces to act as cryptographic-like controls on AI data usage, addressing regulatory demands for purpose limitation without requiring model retraining or deployment control.

This research addresses a critical gap in AI governance: enforcing purpose limitation on released datasets in practice. While regulations increasingly demand that data remain restricted to intended applications, existing safeguards prove inadequate—released data can be freely used by any model regardless of declared intent. Traditional defenses either perturb data quality or require control over model training and deployment, leaving vulnerabilities against external or unknown models.

Non-transferable examples represent a paradigm shift by encoding data in ways that remain functional only for designated models. Rather than adding adversarial noise, NTEs exploit model-specific insensitive subspaces—directions where different models respond divergently. This training-free approach recodes data so authorized models maintain performance while unauthorized models experience performance collapse through subspace misalignment. The theoretical framework provides formal bounds guaranteeing fidelity for authorized use and quantifying unauthorized degradation based on spectral differences between models.

The implications extend across AI governance, data licensing, and enterprise AI deployment. Organizations can release datasets with built-in restrictions that persist even under adaptive attacks, enabling innovation while maintaining control over downstream applications. This addresses regulatory pressures from frameworks emphasizing data purpose limitation without imposing computational overhead or requiring continuous monitoring.

Looking forward, the practical viability of NTEs across diverse model architectures—demonstrated through vision backbones and vision-language models—suggests potential standardization in data-sharing agreements. Success hinges on whether NTE encoding becomes robust against emerging model architectures and whether adoption extends beyond academic settings into production environments where data licensing disputes are economically significant.

• →Non-transferable examples enable model-specific data restrictions without modifying models or sacrificing authorized performance.
• →The method leverages spectral misalignment between models to degrade unauthorized predictions while preserving authorized utility.
• →NTEs persist under adaptive reconstruction attacks and remain effective across diverse vision and vision-language model architectures.
• →The approach is training-free and data-agnostic, requiring no control over unauthorized model development or deployment.
• →Research provides formal mathematical bounds certifying both authorized fidelity and measurable unauthorized performance degradation.