Which Models Are Our Models Built On? Auditing Invisible Dependencies in Modern LLMs
Abstract: Modern LLM training pipelines increasingly rely on other models to generate data, filter corpora, judge outputs, and guide development decisions. These dependencies are recursive: a model may depend on an upstream artifact whose own dependencies are documented only in separate releases and artifacts. As a result, the full dependency structure is fragmented across heterogeneous public artifacts, with complexity and recursive depth far outpacing humans' ability to trace. We introduce ModSleuth, an agentic system that recursively reconstructs LLM dependency graphs from public artifacts with source-grounded evidence. We find that the primary challenge is no longer information extraction, but defining what constitutes a dependency and reconciling artifact references across inconsistent documentation. We address these challenges through a formalization that distinguishes direct and indirect dependencies, represents heterogeneous pipeline roles through operation-centered relationships, and resolves artifact identities across names, versions, and repositories. Applying ModSleuth to four public-artifact-rich LLM releases, we recover 1,060 source-verified dependencies and construct large-scale dependency graphs of modern LLM development. These graphs reveal multi-hop license obligations, train-evaluation coupling, discrepancies between released and training-time artifacts, and documentation inconsistencies that would otherwise be difficult to uncover. We release ModSleuth and the resulting dependency graphs to support transparent analysis of the increasingly complex ecosystems underlying modern LLMs.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Explain it Like I'm 14
Overview: What this paper is about
This paper is about making “family trees” for modern AI models. Today’s LLMs aren’t built only from raw human-written text. They also rely on other models to create data, clean it, judge answers, and guide decisions. That means one model often depends on many others—sometimes several steps upstream. The problem: these connections are scattered across papers, model cards, code, and dataset pages, and they’re hard for people to trace by hand.
The authors built a tool called ModSleuth that acts like a careful detective. It reads public sources, collects evidence, and builds a map (a dependency graph) showing which models and datasets influenced a target model, and how.
Goals: What the researchers wanted to find out
They set out to answer a few simple questions:
- What should “dependency” mean for AI models? Is it only when one model’s weights come from another, or also when a model generates training data, filters it, or judges it?
- How can we describe the many different ways one model affects another (like generating, filtering, evaluating)?
- How can we match messy, inconsistent names across papers, code, and model hubs to the same real artifact?
- If we build an automated system to collect and connect all this public information, how much of the true dependency map can we recover, and what useful patterns can we uncover?
Approach: How ModSleuth works (in everyday terms)
Think of ModSleuth as a well-trained research assistant that:
- Collects sources It gathers official public materials about a model: technical reports, model cards, dataset cards, code repos, and release notes. It sticks to official sources so it doesn’t spread rumors.
- Finds and matches names Different sources might say “Olmo 3 32B,” “Olmo-3-32B-Think,” or a specific repo link. These could be the same thing at different detail levels. ModSleuth uses an “identity ladder” (you can think of this like zooming from “iPhone” to “iPhone 14 Pro, 256GB, purple”) so it can store what it knows—even when the exact version isn’t clear—and refine it when it finds better evidence.
- Decides what counts as a dependency
- Direct dependencies: things that actually shape the model’s training or weights. Examples: a base checkpoint you start from, an OCR tool that turns PDFs into text for training, or a generator model that creates training examples.
- Indirect dependencies: things that influence choices but don’t go into the weights. Examples: evaluator models used to pick the best method, or ablations that guide design decisions.
- Records how each dependency was used Not all dependencies are the same. ModSleuth stores “operations” describing the role: generated_by, filtered_by, rewritten_by, evaluated_by, trained_from, etc., plus a short, plain-language explanation and a link to the source lines as evidence.
- Repeats the process upstream It doesn’t stop at one step. If it finds the target model used a dataset created by another model, it follows that model’s and dataset’s sources too—recursively—building a multi-hop map.
- Verifies the claims Every edge in the graph must be backed by text/citations from public sources. The team then used another model to help double-check evidence links and count only “verified” dependencies in their results.
Analogy: ModSleuth is like assembling a big puzzle from many instruction manuals, GitHub READMEs, and product labels, carefully labeling each piece, and showing the full chain of “who influenced whom.”
Main findings: What they discovered and why it matters
They applied ModSleuth to four LLM releases with rich public materials (Olmo 3, Nemotron-3 Super, DR Tulu, and SmolLM3).
Key results:
- Scale: They recovered 1,060 verified dependencies (and 1,654 when counting the broader reachable graph). That’s far more than simpler, one-shot AI baselines could find.
- Depth and variety: Dependencies aren’t just “we fine-tuned from X.” Many come from upstream models that generated, filtered, or judged data—often several steps back.
- External reliance: 75–82% of dependencies came from outside the releasing organization, showing how interconnected the ecosystem is.
- Direct vs. indirect: Most verified edges were direct (affecting weights or training data), but many were indirect (evaluation and method influences) and still important.
Why this matters:
- Hidden chains: The tool surfaces multi-hop chains that people usually miss. That can uncover licensing obligations, test contamination risks, or evaluation biases.
- Train–eval coupling: Some benchmarks show up both in training pipelines (in modified forms) and as evaluation targets. Even when not “leakage,” this can blur what scores really mean.
- License paths: Even if a final dataset has a friendly label, its pipeline may include outputs from models with stricter terms. These details can matter for what’s allowed.
- Model-mediated selection: Judges, reward models, and filters often steer which data “makes the cut.” That means their preferences heavily shape the final model’s behavior.
Here are a few concrete, simplified examples the system surfaced:
- DR Tulu’s training data indirectly involved Claude via a dataset (ScholarQA) it relied on. This wasn’t obvious without following multiple links.
- SmolLM3 used FineMath data filtered by a classifier trained on labels generated by Llama 3. So Llama influenced which math data was kept, even though “Llama” might not appear on SmolLM3’s card as an upstream model.
- Olmo 3 used a Qwen model as a judge for reinforcement learning data without ground-truth answers, meaning Qwen’s preferences can shape which examples are rewarded.
- Some benchmarks (like GSM8K, MMLU, IFEval, SWE-bench Verified) show up on both sides: they influence training data in some way and are also used to evaluate final performance, which can complicate fairness and trust in results.
Implications: What this means for the future
- Better transparency: ModSleuth turns scattered notes into a single, navigable map. That helps users, researchers, and reviewers see what really went into a model.
- Licensing and compliance: Multi-hop chains matter. Knowing where data and judgments came from can help teams honor licenses and terms-of-use, and avoid “surprise” constraints later.
- Fairer evaluation: If training and testing are entangled, results can be too optimistic. Tracing dependencies can prompt cleaner evaluation practices and decontamination.
- Safer development: Seeing which judge models, filters, and generators drive data selection can reveal bias risks and motivate more diverse, robust pipelines.
- Standards and governance: These graphs could become part of model documentation standards, making audits and policy checks easier.
Limitations and next steps:
- The tool only traces what’s publicly reported, so its maps are a lower bound—there may be more hidden links.
- Future work could combine public evidence with new techniques for detecting undeclared links, and push for clearer, unified reporting formats so tracing becomes easier for everyone.
In short, the paper shows that today’s AI models are built on complex, layered influence networks—and provides a practical way to see and reason about them.
Knowledge Gaps
Knowledge gaps, limitations, and open questions
Below is a concise, actionable list of what remains missing, uncertain, or unexplored in the paper’s approach, evaluation, and implications. These items are intended to guide follow-up research and tooling.
- Declared-only scope: The system intentionally limits itself to officially disclosed artifacts, producing a lower bound on true dependencies; methods to infer undocumented or suppressed dependencies (e.g., via weight/behavioral provenance, watermarking, or content-trace signals) are not integrated.
- Lack of confidence scoring: Edges are “verified” or not, but there is no calibrated confidence score per edge or operation, nor a principled way to aggregate uncertainty across multi-hop chains.
- No strength/impact quantification: The framework distinguishes direct vs. indirect dependencies, but does not estimate the strength or material impact of each dependency on downstream weights, behavior, or evaluations.
- Subjective boundary of “indirect” influence: The criteria for when evaluation, ablations, or “inspiration” materially influence development remain partly subjective; no codebook or inter-annotator agreement is reported.
- Open-vocabulary operations without ontology: Free-form role descriptions aid flexibility, but hinder comparability and automated analysis; no standardized, extensible ontology (or mapping to an existing one) is provided to normalize operation types.
- Identity resolution accuracy unmeasured: The identity lattice resolves ambiguous references, but there is no benchmark or error analysis quantifying resolution accuracy, collision rates, or failure modes (e.g., family-level vs. checkpoint-level mislinks).
- Limited registry coverage: Resolution appears optimized for Hugging Face; generality to other registries (e.g., ModelScope, GitHub-only releases, academic mirrors) and closed API models with opaque versioning remains untested.
- Temporal/version uncertainty: The system does not track time-aware identities (which upstream version existed at training time) or detect temporal inconsistencies (e.g., citing versions released after training).
- Scalability and cost not characterized: There is no reporting of computational cost, wall-clock time, API spend, or carbon footprint for recursive expansion at depth; scaling behavior and cost/coverage trade-offs are unknown.
- Agent reliability and ablations: Claims that extraction is “no longer the bottleneck” are not supported by ablations measuring extraction errors, hallucinations, or sensitivity to prompt/agent variations.
- LLM-based verifier risks: The verification pipeline depends on another closed LLM; there is no human validation sample, inter-rater reliability, or error analysis for false positives/negatives in verification judgments.
- No precision/recall metrics: Counting “verified edges” rewards volume but not quality; without gold graphs, there is no estimate of precision, recall, or coverage relative to an expert-constructed subset.
- Conflict handling underreported: The rate and types of cross-source conflicts, resolution outcomes, and proportion requiring human intervention are not quantified; there is no taxonomy of common conflict causes.
- Graph evolution and versioning: Procedures for incremental updates (as artifacts change), versioned snapshots, and change auditing over time are not specified.
- Cycle detection and semantics: Cycles arising from recursive pipelines are not analyzed; how cycles are detected, represented, and interpreted (e.g., co-training loops) is unclear.
- Bias introduced by disclosure asymmetry: Cross-model comparisons are cautioned against, but there is no normalization scheme or uncertainty-aware metric to adjust for organizations with sparse documentation.
- Internationalization and modality gaps: Applicability to non-English artifacts and non-text modalities (speech, vision, multimodal pipelines beyond OCR) is not demonstrated or evaluated.
- Limited testbed diversity: Only four “artifact-rich” releases are evaluated; generality to lightly documented or closed releases, and to other domains (code-only LLMs, RL agents, vision models), remains untested.
- Operation provenance granularity: Data operations (e.g., filtering, transformation) lack standardized attribution units (rulesets, thresholds, prompts); reproducibility of these operations is not guaranteed.
- No policy engine for license propagation: While license-relevant paths are surfaced, there is no formal semantics or automated policy engine to compute license/ToU propagation and conflicts along composite paths.
- Contamination risk quantification absent: Train–eval couplings are identified qualitatively, but there is no measurement of contamination prevalence, leakage likelihood, or effect sizes on benchmark scores.
- Causal attribution across chains: The framework does not allocate “credit” for influence among multi-hop contributors (e.g., Shapley-style data valuation or path-based causal attribution).
- Security and adversarial obfuscation: The system assumes good-faith documentation; defenses against deliberate obfuscation (e.g., aliasing, redaction, misleading names) are not studied.
- Governance and community QA: Processes for community-submitted corrections, dispute resolution, and provenance audits (e.g., cryptographic signing, source attestation) are not specified.
- Interoperability with SBOM standards: There is no mapping to existing software/data SBOM or SPDX-like schemas to enable broader ecosystem tooling and compliance workflows.
- Reproducibility constraints: Dependence on closed agents (Claude Code, verifier LLM) limits fully open reproducibility; open-source alternatives and sensitivity to model choice are not assessed.
- Edge attribution policy: The BFS/unbounded attribution schemes are bespoke; the impact of edge-attribution choices on comparative metrics and conclusions is not analyzed.
- Confidence-weighted querying: Query capabilities do not exploit uncertainty or provenance depth; there is no facility for filtering by evidence type, number of corroborating sources, or recency.
- Human-in-the-loop design: Criteria for when to escalate to humans, required expertise, effort per conflict, and UI/tooling for efficient audit review are not characterized.
- Ethical/legal compliance of crawling: The paper does not detail robots/ToU compliance, rate-limiting, or consent policies for scraping and re-hosting excerpts from official artifacts.
- Downstream risk linkage: The connection between certain dependency patterns (e.g., judge reuse) and measurable harms (bias, collapse, brittleness) is hypothesized but not empirically validated.
- Generalization to non-model artifacts: Tool, compiler, and infrastructure dependencies (e.g., tokenizers, data dedupers, retrievers, vector DBs) are unevenly represented; criteria and mechanisms to include them are unclear.
- Standardized disclosure recommendations: The work surfaces documentation gaps but does not propose a concrete, minimal disclosure schema for model developers to reduce ambiguity at source.
Practical Applications
Immediate Applications
Below are applications that can be deployed today using the paper’s released system (ModSleuth), its formalization of dependencies, and the evidence-grounded graphs produced on real LLM releases.
- Model/Data “SBOM” generation and CI gating — Sectors: software, finance, healthcare, education, public sector — Use cases: generate a machine-readable “software bill of materials” for AI (model/data SBOM) during releases; add a pre-merge CI check that blocks releases when upstream artifacts lack traceable evidence, have unresolved identities, or violate internal policy — Tools/workflows: ModSleuth as a GitHub Action; release checklist that requires an evidence-backed dependency graph; dashboards that surface unresolved lattice nodes and missing evidence — Assumptions/dependencies: relies on publicly declared artifacts and working links; best-effort lower bound (undocumented dependencies won’t appear)
- License and terms-of-use risk propagation analyzer — Sectors: software, legal, finance, healthcare, education — Use cases: scan for multi-hop license obligations (e.g., Llama-derived annotations used in SmolLM3’s FineMath chain); flag “permissive washing” risks where declared licenses don’t reflect upstream generation/judging; create counsel-ready trace packs — Tools/workflows: license rule engine that traverses ModSleuth graphs; “what-if” filters to simulate removing restricted upstreams; auto-generated memos for legal review — Assumptions/dependencies: legal interpretation is jurisdiction- and license-specific; not legal advice; relies on faithful public disclosures and correct identity resolution of datasets/models
- Train–evaluation coupling and contamination scanner — Sectors: software, education, research labs, benchmarking orgs — Use cases: detect when evaluation assets or their derivatives appear in training (e.g., GSM8K and IFEval paths in Olmo pipelines; SWE-bench-Verified used for RL in one Nemotron release); pre-deployment checks to avoid circularity and inflated metrics — Tools/workflows: benchmark registry integration; “do-not-train” list enforcement; pre-run audit on curated evaluation suites — Assumptions/dependencies: benchmark variants and synthetic expansions must be correctly resolved (identity lattice quality); some couplings are structural rather than direct leakage and need human judgment
- Judge/reward conflict-of-interest checker — Sectors: software, evaluation services, safety & red-teaming — Use cases: identify when the same upstream family serves as both generator and judge (e.g., Qwen3-32B used as RL judge for Olmo 3); flag family-level ancestry or shared training data between system-under-test and judges/reward models — Tools/workflows: evaluation policy gate that forbids judge/generator overlap; diversity scoring for evaluators; rotation of independent judges — Assumptions/dependencies: family-level identity must be normalized; not all family overlaps imply measurable bias—supports a risk flag, not a verdict
- Documentation and release augmentation assistant — Sectors: software, open-source communities, academic labs — Use cases: auto-fill dependency sections in model cards/data cards; reconcile paper–code discrepancies; publish an “evidence appendix” with linked anchors and versions — Tools/workflows: card augmentation bot; repo linter for unresolved artifact identities and missing sources; PR comments proposing specific citations with URLs — Assumptions/dependencies: maintainers must approve edits; some upstreams are intentionally undisclosed in closed releases
- Procurement and vendor due diligence for AI buyers — Sectors: finance, healthcare, government, enterprise IT — Use cases: request and verify dependency graphs from vendors; evaluate concentration risk in external upstreams (paper shows 75–82% external dependencies); screen for restricted-model paths (e.g., GPT-4, Llama clauses) before integration — Tools/workflows: standardized submission form for dependency graphs; procurement scorecards summarizing external share, depth, and judge/generator diversity — Assumptions/dependencies: vendors must cooperate; third-party verification relies on public artifacts and may undercount
- Sensitive-data governance in regulated domains — Sectors: healthcare (HIPAA/PHI), finance (SEC/FINRA), public sector (GDPR/AI Act readiness) — Use cases: ensure that clinical or financial assistants are not indirectly trained on restricted corpora via synthetic expansions or filtering chains; maintain audit records for regulators — Tools/workflows: domain-specific blocklists (PHI sources, customer data mirrors); periodic re-scan of dependency graphs; evidence bundles for audits — Assumptions/dependencies: provenance of synthetic data remains challenging; requires policies that map legal norms into graph rules
- Ecosystem-mapping dataset for research and community oversight — Sectors: academia, civil-society observatories, standards bodies — Use cases: study concentration, recursive dependence, and emergent coupling at ecosystem scale; replicate the paper’s quantitative findings; build public dashboards — Tools/workflows: hosted query endpoint over ModSleuth graphs; bibliometric-style analytics (centrality, hop counts); export to graph databases — Assumptions/dependencies: continued curation; versioning to handle time-varying artifacts and link rot
Long-Term Applications
Below are applications that likely require further research, standardization, ecosystem adoption, or integration with external infrastructure.
- Open standard for AI provenance and identity (ML SBOM) — Sectors: software, policy, standards, MLOps vendors — Use cases: create an SPDX- or CycloneDX-like schema for models and datasets, including operation-centered relations and an identity lattice; enable interchange across repos and clouds — Tools/workflows: reference spec and validators; converters from ModSleuth graphs to the standard; repository badges for compliance — Assumptions/dependencies: consensus across major platforms (Hugging Face, model hubs, cloud providers); governance for schema evolution
- Regulatory reporting and compliance automation — Sectors: government, regulated industry (finance, healthcare), audits — Use cases: auto-generate disclosures for EU AI Act, NIST AI RMF-aligned documentation, and sectoral rules; submit verifiable evidence packs with links and signatures — Tools/workflows: “Compliance-as-graph” services; templates that translate dependency graphs into required forms; regulator portals for ingestion — Assumptions/dependencies: regulators must accept machine-readable provenance; requires legal clarity on synthetic-data lineage obligations
- Ecosystem-scale continuous monitoring and alerts — Sectors: software platforms, open-source foundations, civil-society monitors — Use cases: crawl updates to model/dataset cards and repos; detect newly discovered upstream risks (license changes, benchmark leak revelations) and push alerts to dependent releases — Tools/workflows: scheduled crawlers; change-diffing over identity facets; alerting and remediation playbooks — Assumptions/dependencies: rate limits and access constraints; stable artifact identifiers and archival snapshots
- Cryptographically verifiable chain-of-provenance — Sectors: software security, supply-chain integrity, cloud/edge deployers — Use cases: sign releases and dependency edges; verify chain from dataset to training run to model; integrate with C2PA/SCITT-style attestations — Tools/workflows: signing keys and attestations for operations (generate/filter/judge); tamper-evident logs; provenance verifiers in deployment pipelines — Assumptions/dependencies: key management at scale; broad vendor adoption; handling of proprietary data without leaking secrets
- Risk scoring and insurance underwriting for AI supply chains — Sectors: insurance, enterprise risk, finance — Use cases: assign scores based on external dependency share, depth, judge/generator diversity, license risk exposure, and train–eval coupling; price risk or set coverage conditions — Tools/workflows: actuarial models over graph metrics; quarterly portfolio scans; remediation guidance tied to premium incentives — Assumptions/dependencies: historical loss and incident data remain sparse; scoring requires transparent and stable metrics
- Contamination-aware training and evaluation governance — Sectors: software, education/assessment providers, research labs — Use cases: automatically exclude benchmark-adjacent data when curating mixes; enforce evaluator independence; schedule periodic rotation of judges with distinct ancestry — Tools/workflows: curriculum design tools that query graphs for exclusions; evaluator pools with family-diversity constraints; audit trails of decisions — Assumptions/dependencies: feasible substitutes must exist for excluded data; may trade off some performance during transition
- Inferring hidden dependencies via multimodal signals — Sectors: academia, security, closed-model vendors — Use cases: complement declared graphs with weight- and behavior-based inference to surface undisclosed ancestry or model-mediated selection — Tools/workflows: hybrid provenance pipelines that combine ModSleuth with weight-similarity and behavioral fingerprinting — Assumptions/dependencies: research maturity and benchmark availability; careful treatment to avoid false accusations
- Education and community norms for transparent releases — Sectors: academia, open-source, conferences — Use cases: reproducibility badges that require dependency graphs with evidence; reviewer checklists for papers that touch synthetic data and judges; student training on provenance hygiene — Tools/workflows: conference policies; templates and tutorials; community-run audits and public leaderboards — Assumptions/dependencies: incentives and recognition mechanisms; overhead acceptable to authors and maintainers
Notes on Feasibility and Dependencies
- Coverage limits: All applications inherit the paper’s core disclosure constraint—graphs represent a lower bound because they are built from publicly declared artifacts; closed releases may under-report.
- Identity resolution: Effective use of the identity lattice depends on stable identifiers, dataset derivation metadata, and repository hygiene (especially on Hugging Face).
- Legal nuance: License propagation analysis depends on nontrivial legal interpretation; outputs should be treated as triage signals requiring counsel review.
- Temporal consistency: Artifacts and cards change; robust deployments must snapshot sources and re-run periodic audits to keep evidence current.
- Model-agent reliability: Automated extraction and verification rely on capable LLM agents and verifiers; human-in-the-loop review remains important for conflicts or ambiguities.
Glossary
- Ablation: An experimental technique where components or data are systematically removed or varied to assess their impact. "Evaluation / ablation"
- Agentic system: An automated, goal-directed system (often built on LLMs) that can plan, navigate sources, and take actions to complete tasks. "an agentic system that recursively reconstructs LLM dependency graphs"
- Ancestry inference: Methods to infer a model’s lineage by analyzing its weights or behavior rather than documentation. "ancestry inference from weights or behavioral signals"
- Beam search: A heuristic search that explores the top-K promising candidates at each step to manage combinatorial growth. "or beam search to expand the top- structurally central ancestors"
- BFS reachability: Counting relationships that are forward-reachable from a target via breadth-first search in a graph. "Under BFS reachability"
- Canonicalization: Normalizing heterogeneous references to a standard, canonical identifier or form. "extraction, canonicalization, evidence grounding, and validation"
- Checkpoint inheritance: Dependency where a model’s weights derive from, or are initialized with, another model’s checkpoint. "through checkpoint inheritance"
- Data card: A documentation artifact that describes a dataset’s composition, sources, and intended use. "data cards"
- Datasheet: A structured reporting framework for datasets that details their creation, content, and limitations. "datasheets"
- Decontamination: Procedures to remove evaluation or sensitive content from training data to prevent leakage or bias. "standard decontamination cannot trace"
- Dependency graph: A graph of artifacts and edges that captures how upstream models or datasets influence downstream systems. "LLM dependency graphs"
- Direct dependency: An upstream artifact that materially affects a model’s training or weights (e.g., generators, filters, OCR). "direct and indirect dependencies"
- Downstream artifact: The model or dataset influenced by upstream artifacts and operations. "shapes a downstream artifact"
- DPO (Direct Preference Optimization): A training approach that optimizes models using preference comparisons without explicitly learning a reward function. "DPO generator and RL judge"
- Ecosystem mapping: An auditing approach that charts relationships and flows across ML artifacts within a broader ecosystem. "ecosystem mapping"
- Evidence anchors: Specific citations, URLs, or source excerpts attached to graph edges for verification. "36{,}187 evidence anchors."
- Evidence grounding: Requiring that each dependency claim is supported by explicit source evidence. "evidence grounding"
- Facets (identity): Attribute fields that specify parts of an artifact’s identity (e.g., family, size, stage). "identity itself is represented as an open-vocabulary set of facets"
- Filtering classifier: A model that scores or selects data points to include or exclude from training corpora. "filtering classifiers"
- Identity collision: A resolution error where multiple mentions incorrectly map to the same artifact or conflict in identity. "Identity collisions"
- Identity lattice: A hierarchical representation that captures artifact identities at varying specificity levels. "introduces an identity lattice"
- Indirect dependency: An upstream artifact that influences development decisions without directly entering training. "indirect dependencies"
- Judge model: A model used to evaluate or score outputs, often shaping which examples are retained or rewarded. "judge models"
- License obligations: Legal requirements (e.g., usage restrictions) that can propagate across multi-hop reuse. "multi-hop license obligations"
- Model card: A standardized documentation artifact describing a model’s training, data, usage, and limitations. "model cards"
- Model lineage: The weight-level ancestry describing how a model’s parameters derive from other checkpoints. "Weight-level model lineage"
- Model-mediated selection: Data selection processes controlled by models (generation, judging, filtering, rewarding) rather than humans. "Model-mediated selection."
- ModSleuth: The system introduced to reconstruct and audit LLM dependencies from public artifacts. "We introduce ModSleuth"
- Multi-hop paths: Dependency chains spanning multiple steps, often hiding indirect or transitive influences. "multi-hop paths"
- OCR (Optical Character Recognition): Systems that convert images or PDFs into machine-readable text, often used in preprocessing. "OCR systems"
- Operation-centered relationships: Representing dependencies via specific pipeline operations (generation, filtering, rewriting, evaluation). "operation-centered relationships"
- Preference learning: Training methods that use human or model preferences to guide outputs or rankings. "preference learning"
- Provenance: The origin and lineage of data or models, used to track and audit their lifecycle. "dataset provenance tracing"
- Recursive expansion: Repeatedly tracing upstream artifacts to recover transitive dependencies across the ecosystem. "This recursive expansion is what turns scattered one-hop evidence into an auditable dependency graph"
- Reward model: A model that assigns scalar rewards to outputs, guiding RLHF or data selection. "reward models"
- RLHF (Reinforcement Learning from Human Feedback): Training that uses human preference-derived signals to optimize models via reinforcement learning. "Nemotron-3-Super RLHF"
- RL-Zero: A training recipe that uses reinforcement signals without explicit ground truth, often with LM judges. "Olmo 3 RL-Zero models"
- Source anchors: Attached links or quotations that make dependency claims verifiable. "attached source anchors"
- Source-grounded evidence: Evidence drawn from official, primary sources (papers, cards, repos) rather than third-party claims. "source-grounded evidence"
- Synthetic data: Data generated by models to augment or replace human-curated datasets. "synthetic data generation and curation"
- Synthetic supervision: Training signals (labels, preferences, traces) produced by models rather than humans. "synthetic supervision"
- Train--evaluation coupling: Structural overlap or influence between training pipelines and evaluation benchmarks. "train--evaluation coupling"
- Upstream artifact: A model or dataset that influences a downstream artifact via generation, filtering, or other operations. "upstream artifact"
- YAML: A human-readable configuration format commonly used for training scripts and pipelines. "Training scripts, YAMLs, and data-prep code"
Collections
Sign up for free to add this paper to one or more collections.