Locket: Robust Feature-Locking Technique for Language Models
Keywords: AI Applications, Secure AI, Large Language Models, Natural Language Processing
TL;DR: We present a more robust and scalable feature-locking technique to enable the pay-to-unlock scheme for chatbot service providers.
Abstract: Chatbot service providers (e.g., OpenAI) rely on tiered subscription plans to generate revenue, offering black-box access to basic models for free users and advanced models to paying subscribers. However, this approach is unprofitable and inflexible. A pay-to-unlock scheme for premium features (e.g., math, coding) offers a more sustainable alternative. Enabling such a scheme requires a feature-locking technique (FLoTE) that is (i) *effective* in refusing locked features, (ii) *utility-preserving* for unlocked features, (iii) *robust* against evasion or unauthorized credential sharing, and (iv) *scalable* to multiple features and clients. Existing FLoTEs (e.g., password-locked models) fail to meet these criteria. To fill this gap, we present Locket, a more *robust and scalable* FLoTE to enable pay-to-unlock schemes. We develop a framework for adversarial training and merging of feature-locking *adapters*, which enables Locket to selectively disable specific features of a model. Evaluation shows that Locket is effective (100% refusal rate), utility-preserving ($\leq$ 7% utility degradation), robust ($\leq$ 5% attack success rate), and scalable to multiple features and clients.
Email Sharing: We authorize the sharing of all author emails with Program Chairs.
Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.
Submission Number: 1