You could say “reduces one component of the attack surface” or “closes off threat model X”. But “reduces risk to near-zero” is a tell that you aren’t using the right mindset.
I agree it is a strong statement, but I genuinely cannot think of a way a model could otherwise self-exfiltrate its weights, insofar as the actual numbers don’t exist anywhere digitally once the model is run.
I am not explicitly skilled in this area, so take what I say with a grain of salt, but my lack of knowledge is not at all a reason why what I have said is wrong.
You could say “reduces one component of the attack surface” or “closes off threat model X”. But “reduces risk to near-zero” is a tell that you aren’t using the right mindset.
I agree it is a strong statement, but I genuinely cannot think of a way a model could otherwise self-exfiltrate its weights, insofar as the actual numbers don’t exist anywhere digitally once the model is run.
I am not explicitly skilled in this area, so take what I say with a grain of salt, but my lack of knowledge is not at all a reason why what I have said is wrong.