OML: A Primitive for Reconciling Open Access with Owner Control in AI Model Distribution

Zerui Cheng, Edoardo Contente, Ben Finch, Oleg Golev, Jonathan Hayase, Andrew Miller, Niusha Moshrefi, Anshul Nasery, Sandeep Nailwal, Sewoong Oh, Himanshu Tyagi, Pramod Viswanath

TL;DR

This work formalizes $OML$ (Open-access, Monetizable, and Loyal) as a primitive to reconcile open-weight model distribution with cryptographic ownership controls, enabling local execution while enforcing per-input authorization. It establishes a rigorous framework with security definitions (model extraction resistance and permission forgery resistance) and a quantitative quality profile $(\text{Utility}, \text{Robust}, \text{Overhead})$, then analyzes the design space across obfuscation, TEEs, cryptography, and Melange hybrids. The paper proves fundamental limits (including information-theoretic impossibility) and shows how indistinguishability obfuscation can realize $OML$ under strong assumptions, while offering practical pathways such as $OML$ 1.0 using AI-native fingerprints with near-zero overhead. It provides empirical and theoretical evidence that $OML$ is feasible today at a spectrum of security–efficiency trade-offs, and outlines a research agenda at the intersection of cryptography, ML, and mechanism design with significant governance implications.

Abstract

The current paradigm of AI model distribution presents a fundamental dichotomy: models are either closed and API-gated, sacrificing transparency and local execution, or openly distributed, sacrificing monetization and control. We introduce OML (Open-access, Monetizable, and Loyal AI Model Serving), a primitive that enables a new distribution paradigm where models can be freely distributed for local execution while maintaining cryptographically enforced usage authorization. We are the first to introduce and formalize this problem, introducing rigorous security definitions tailored to the unique challenge of white-box model protection: model extraction resistance and permission forgery resistance. We prove fundamental bounds on the achievability of OML properties and characterize the complete design space of potential constructions, from obfuscation-based approaches to cryptographic solutions. To demonstrate practical feasibility, we present OML 1.0, a novel OML construction leveraging AI-native model fingerprinting coupled with crypto-economic enforcement mechanisms. Through extensive theoretical analysis and empirical evaluation, we establish OML as a foundational primitive necessary for sustainable AI ecosystems. This work opens a new research direction at the intersection of cryptography, machine learning, and mechanism design, with critical implications for the future of AI distribution and governance.

Paper Structure

This paper contains 61 sections, 6 theorems, 16 equations, 11 figures, 6 tables, 5 algorithms.

Key Result

Theorem 1

No OML scheme achieves perfect security against unbounded adversaries with unlimited oracle access.

Figures (11)

  • Figure 1: OML enables transition from one-way model distribution to bidirectional value flow. Left: Current paradigm where models are distributed without feedback or compensation mechanisms. Right: OML-enabled ecosystem where usage generates returns for all contributors, incentivizing continuous collaborative improvement.
  • Figure 2: Illustration of OML 1.0 Workflow
  • Figure 3: OML formatting process of AI models via obfuscation.
  • Figure 4: OML implementation with hardware-based security via trusted execution environments.
  • Figure 5: OMLization process of Provable security via cryptography
  • ...and 6 more figures

Theorems & Definitions (13)

  • Definition 1: OMLized Model
  • Theorem 1: Information-theoretic impossibility
  • Theorem 2: OML from indistinguishability obfuscation
  • Theorem 3: Query–security trade-off
  • proof
  • proof: Construction and argument
  • Lemma 1: Uniform convergence under squared loss
  • proof
  • proof: Proof of Theorem \ref{thm:sample_complexity}
  • Proposition 1
  • ...and 3 more