Is it possible to have access to trained model, e.g. through some API, and reverse engineer the model by asking for predictions for some arbitrary data, therefore recover the support vectors of the model and thus original training data (medical records, faces e.t.c)? If not, why not?
I read about similar attempt in https://arxiv.org/abs/1609.02943 where they were able to extract average training samples from kernel logistic regression, but I am interested in the possibility of extracting real samples, not averages.
