Researchers debate the efficiency and security of model distillation
Researchers argue SFT on traces alone cannot replicate frontier models.
Entities: Andreas Kirsch, Suhail
On X, AI researchers spent Friday arguing over whether "distillation attacks" on frontier models are being oversold. In a post on X, Stanislav Fort wrote that distilling without logits is "crazy inefficient" and said U.S. frontier labs do not expose them. That skepticism followed a post from Suhail claiming the idea that Chinese labs rely on distillation from U.S. models is "way overexaggerated," and a reply from Andreas Kirsch proposing a two-step workaround.
Combined views
12.4K
7 posts, first seen 7h ago
Commentary on X
they're laying the groundwork for restrictive regulation to control the free market. just look at Demi's recent letter about forming a "committee of experts" that would evaluate models before release. Committees are just another way to obstruct and control but with a publically acceptable "message" like OmG CHiNa is dISTiLiG OUr StOLen DATa
@stanislavfort it's because the model sounds like claude and thinks it is claude so people infer this. the reality is probably more complicated (yes, claude outputs are for sure in the training data, no, doing this doesn't make it easy to build a frontier model and it's not just copying)
I see a lot of “without a doubt, they do” and not a lot of evidence or prove of life on methods. You cannot just SFT on Fable 5 traces and expect a nearby equivalent to pop out of the oven. You can climb up a little bit but things like OPSD, for example, don’t work yet.