Model extraction attacks exploit the target model’s prediction API to create a surrogate model, allowing the adversary to steal or reconnoiter the functionality of the target model in the black-box ...