Training data is a critical and often proprietary asset in Large Language Model (LLM) development, motivating the use of data watermarking to embed model-transferable signals for usage verification. We identify low coverage as a vital yet largely overlooked requirement for practicality, as individual data owners typically contribute only a minute fraction of massive training corpora. Prior methods fail to maintain stealthiness, verification feasibility, or robustness when only one or a few sequences can be modified. To address these limitations, we introduce SLIM, a framework enabling per-user data provenance verification under strict black-box access. SLIM leverages intrinsic LLM properties to induce a Latent-Space Confusion Zone by training the model to map semantically similar prefixes to divergent continuations. This manifests as localized generation instability, which can be reliably detected via hypothesis testing. Experiments demonstrate that SLIM achieves ultra-low coverage capability, strong black-box verification performance, and great scalability while preserving both stealthiness and model utility, offering a robust solution for protecting training data in modern LLM pipelines.

翻译：训练数据是大型语言模型（LLM）开发中关键且通常具有专有性的资产，这促使人们使用数据水印技术嵌入可迁移至模型的信号以进行使用验证。我们发现低覆盖率是实际应用中的一个至关重要却长期被忽视的要求，因为个体数据所有者通常仅贡献海量训练语料库中的极小部分。当只能修改一个或少数几个序列时，现有方法无法同时保持隐蔽性、验证可行性与鲁棒性。为应对这些局限，我们提出了SLIM框架，该框架能够在严格的黑盒访问条件下实现针对每个用户的数据来源验证。SLIM利用LLM的内在特性，通过训练模型将语义相似的前缀映射至发散的后缀，从而诱导出潜在空间混淆区。这表现为局部化的生成不稳定性，并可通过假设检验进行可靠检测。实验表明，SLIM在保持隐蔽性与模型实用性的同时，实现了超低覆盖率能力、强大的黑盒验证性能及良好的可扩展性，为现代LLM流程中的训练数据保护提供了鲁棒的解决方案。