# LLM Model Theft

- ID: python-llm-model-theft
- Severity: HIGH
- CWE: Information Exposure (CWE-200)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects vulnerabilities that could lead to model theft or API key exposure. OWASP LLM10 - Model Theft.

Model theft can occur through:

- API key exposure in source code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage

## Detection Message

Model theft vulnerability: {issue_type}

## Remediation

Load API keys from environment variables instead of hardcoding them.

```python
import logging
import os

from openai import OpenAI

logger = logging.getLogger(__name__)

client = OpenAI(api_key=os.environ.get('OPENAI_API_KEY'))

# Never log API keys
logger.info('API request', extra={'model': 'gpt-4', 'tokens': 100})
```

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-model-theft

## Related Rules

- **Environment Variable Secret Exposure** [HIGH]
- **LLM Model Theft** [HIGH]
- **LLM Sensitive Information Disclosure** [HIGH]
- **Sensitive Field Exposure in API Response** [CRITICAL]
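
The remediation above says never to log API keys. As an added example (not part of the original rule page or its project's code), the `logging.Filter` below redacts keys from the message, its arguments and `extra` fields. The class name `RedactSecretsFilter`, the `sk-` key pattern and the `[REDACTED]` marker are assumptions made for illustration.

```python
import logging
import os
import re

# Assumption: OpenAI-style secret keys ("sk-" plus 20 or more key characters).
KEY_PATTERN = re.compile(r"sk-[A-Za-z0-9_-]{20,}")
MASK = "[REDACTED]"


class RedactSecretsFilter(logging.Filter):
    """Hypothetical filter: scrub API keys from records before they are emitted."""

    def __init__(self, env_names=("OPENAI_API_KEY",)):
        super().__init__()
        # Exact values of configured secrets catch keys the pattern would miss.
        self.literals = [v for v in map(os.environ.get, env_names) if v]

    def scrub(self, value):
        if isinstance(value, dict):
            return {k: self.scrub(v) for k, v in value.items()}
        if isinstance(value, (list, tuple)):
            return type(value)(self.scrub(v) for v in value)
        if not isinstance(value, str):
            return value
        for secret in self.literals:
            value = value.replace(secret, MASK)
        return KEY_PATTERN.sub(MASK, value)

    def filter(self, record):
        # Resolve %-args into msg, then scrub msg and every extra={...} attribute.
        record.msg, record.args = record.getMessage(), None
        for name, value in list(vars(record).items()):
            setattr(record, name, self.scrub(value))
        return True


def demo():
    key = "sk-" + "A1b2" * 8  # constructed sample value, not a real key
    records = []
    handler = logging.Handler()
    handler.emit = records.append  # capture records instead of writing them
    handler.addFilter(RedactSecretsFilter())
    log = logging.getLogger("llm-demo")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.propagate = False
    log.info("calling model with key %s", key,
             extra={"headers": {"Authorization": "Bearer " + key}})
    return records[0]
```

Attach the filter to handlers rather than to a logger: a logger-level filter does not run for records that propagate up from child loggers, while a handler-level filter sees every record the handler emits.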