Expressprint: an approach to watermarking of visual foundation models

A. S. Chistyakova^ab, M. A. Pautov<sup>ac

a</sup> Ivannikov Institute for System Programming of the RAS
^b Lomonosov Moscow State University
^c Artificial Intelligence Research Institute

Abstract: The substantial cost of training from scratch of visual foundation models (VFMs) on large and vast datasets motivates the models’ owners to protect their intellectual property via ownership verification methods. In this work, we propose ExpressPrint, a novel approach to watermarking VFMs based on the fine-tuning of expressive layers of VFMs together with a small encoder-decoder network to embed the digital watermarks into a set of input images. Our method implies a small modification of expressive layers together with training an encoder-decoder neural network to extract user-specific binary messages from the hidden representations of certain input images. This method allows distinguishing between the foundation model provided to a user and independent models, thereby preventing unauthorized use of the model by third parties. We discover that the ability to correctly extract encoded binary messages from images transfers from a watermarked VFM to its functional copies obtained via pruning and fine tuning; at the same time, we experimentally show that non-watermarked VFMs do not share this property.

Keywords: visual foundation models, neural network watermarking, expressive layers, massive activations, trustworthy artificial intelligence

Language: English

DOI: 10.15514/ISPRAS-2025-37(6)-31