To address the challenge of tracing derivative relationships among large language models (LLMs), this paper introduces the first black-box model provenance verification framework. Unlike prior approaches, it requires no access to model weights or training data—only API-based output queries—and leverages statistical similarity of output distributions to perform model provenance inference. Crucially, it is the first to formalize this task as a multiple hypothesis testing problem, enabling high-confidence detection of derivative relationships. Evaluated on two real-world benchmarks encompassing over 600 models spanning 30M–4B parameters, the framework achieves 90–95% precision and 80–90% recall. Its core contribution is establishing a rigorous black-box provenance paradigm, supporting intellectual property protection, accountability for model misuse, and identification of foundational model issues—thereby providing a deployable technical foundation for LLM governance.

Large language models are increasingly customized through fine-tuning and other adaptations, creating challenges in enforcing licensing terms and managing downstream impacts. Tracking model origins is crucial both for protecting intellectual property and for identifying derived models when biases or vulnerabilities are discovered in foundation models. We address this challenge by developing a framework for testing model provenance: Whether one model is derived from another. Our approach is based on the key observation that real-world model derivations preserve significant similarities in model outputs that can be detected through statistical analysis. Using only black-box access to models, we employ multiple hypothesis testing to compare model similarities against a baseline established by unrelated models. On two comprehensive real-world benchmarks spanning models from 30M to 4B parameters and comprising over 600 models, our tester achieves 90-95% precision and 80-90% recall in identifying derived models. These results demonstrate the viability of systematic provenance verification in production environments even when only API access is available.