# LLM Model Theft

- ID: javascript-llm-model-theft
- Severity: HIGH
- CWE: Information Exposure (CWE-200)
- Languages: JavaScript, TypeScript
- Frameworks: nodejs, express

## Description

Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.

Model theft can occur through:
- API key exposure in client-side code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
- Missing access controls on model endpoints

This rule detects:
- Hardcoded API keys in source code
- API keys in client-side JavaScript
- Model files served without authentication
- Missing rate limiting on inference endpoints
- Model parameters logged or exposed

## Detection Message

Model theft vulnerability: {issue_type}

## Remediation

Load API keys from environment variables and proxy LLM calls through your server.

```javascript
const openai = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-200/llm-model-theft

## Documentation

[object Object]

## Related Rules

- **Environment Variable Secret Exposure** [HIGH]: 
- **LLM Model Theft** [HIGH]: 
- **LLM Sensitive Information Disclosure** [HIGH]: 
- **Sensitive Field Exposure in API Response** [CRITICAL]: 
- **Environment Variable Secret Exposure** [HIGH]: