Dr. Ozgur Ural

Dr. Ozgur Ural

Senior Software Engineer & Researcher; Ph.D. in Secure & Distributed ML

Model Watermarking and the Future of Trustworthy AI

1 minute read

Published:

Model watermarking embeds identifiable patterns into a model’s parameters or outputs so that ownership can be demonstrated without access to the original training process. Early work showed that weights of deep networks can carry hidden signatures without affecting accuracy [3]. Subsequent methods trained models on trigger sets to create behavior-based marks resilient to fine‑tuning [4,5].

Toward resilient Proof-of-Learning

Our research investigates how watermarking strengthens Proof-of-Learning (PoL) by binding models to verifiable training artifacts. Feature-based schemes tie a model’s internal representations to secret keys, making spoofing attacks detectable [1]. A follow‑up evaluation compared parameter, data, and feature watermarking across robustness metrics, highlighting trade-offs between security and computational cost [2].

Emerging applications and challenges

Watermarking is moving from academic prototypes to industry as open model sharing proliferates. Regulations that demand auditable ML pipelines will rely on provenance techniques to certify that models were trained ethically. Meanwhile, attackers explore watermark removal and collusion strategies, prompting defenses that combine robust statistics with cryptographic attestations [3,5].

Future importance

In the coming years watermarking will enable:

  1. traceable model marketplaces where ownership claims are verifiable,
  2. protection against model theft in collaborative research and AI-as-a-service,
  3. standardized PoL pipelines for decentralized training networks.

Watermarks that survive pruning, quantization, and transfer learning will be essential to these deployments.

References

[1] Ural, O. and Yoshigoe, K. (2024). Enhancing Security of Proof-of-Learning against Spoofing Attacks using Feature-Based Model Watermarking. IEEE Access. [2] Ural, O. and Yoshigoe, K. (2025). Evaluation of Model Watermarking Techniques for Proof-of-Learning Security Against Spoofing Attacks. IEEE Access (in press). [3] Uchida, Y., Nagai, Y., Sakazawa, S., & Satoh, S. (2017). Embedding Watermarks into Deep Neural Networks. ICMR. [4] Adi, Y., Baum, C., Cisse, M., Pinkas, B., & Keshet, J. (2018). Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. USENIX Security. [5] Rouhani, B. D., Chen, H., & Koushanfar, F. (2019). DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models. arXiv:1804.00750.

You May Also Enjoy

How to Recognize Advice That Actually Helps

3 minute read

Published:

Entrepreneurs, researchers, and engineers live in a torrent of guidance. Podcasts, newsletters, and mentors offer conflicting prescriptions, each delivered with confidence. Distinguishing signal from noise is therefore a crucial skill. The discipline of evidence‑based management argues that decisions should be grounded in the best available data rather than authority or habit (Pfeffer & Sutton, 2006). Applying this mindset to advice means scrutinizing both the source and the context before acting.

Slowing Down Time Through Novel Experiences

2 minute read

Published:

We often remark that years seem to fly by. Cognitive science suggests this feeling stems from how the brain encodes memories. When days look alike, the hippocampus compresses them into fewer distinct records, creating the impression that time has sped up\footnote{Avni-Babad, D., & Ritov, I. (2003). Routine and the perception of time. Journal of Experimental Psychology: General, 132(4), 543–553. https://doi.org/10.1037/0096-3445.132.4.543}. Conversely, a day rich with new experiences leaves more traces in neural storage, stretching our subjective timeline\footnote{Kurby, C.A., & Zacks, J.M. (2008). Segmentation in the perception and memory of events. Trends in Cognitive Sciences, 12(2), 72–79. https://doi.org/10.1016/j.tics.2007.11.004}.

The Real Test for Making Something People Want

3 minute read

Published:

Scaling conversations dominate startup culture, yet the first question any product must answer is painfully small: will even one person use it when given the chance? The only reliable way to find out is through direct observation. This principle is at the heart of evidence‑based design, a methodology grounded in human‑computer interaction research that emphasizes empirical feedback over speculation (Nielsen, 1993). Surveys and interviews hint at preferences, but behavior reveals intent. If your prototype cannot hold the attention of a single user, no amount of marketing will redeem it.

Why Startups Are Really About Curiosity

3 minute read

Published:

Founders often believe that success begins with a brilliant idea or a perfectly timed launch. Experience, however, shows that the most durable companies originate from a far less glamorous source: persistent curiosity. In innovation research, curiosity is not merely a personality trait but a mechanism for uncovering hidden structure in complex systems. Loewenstein’s review of the psychology of curiosity describes it as a response to information gaps that drive humans to seek missing data rather than settle for superficial explanations (Loewenstein, 1994). In a startup, those gaps manifest as unresolved annoyances—a workflow that feels clumsy, a user experience that wastes time, or a technology that seems inexplicably outdated. The founder who keeps tugging at these loose threads eventually reveals a problem worth solving.