Methods, systems, and computer program products for providing the status of model extraction in the presence of colluding users are provided herein. A computer-implemented method includes generating, for each of multiple users, a summary of user input to a machine learning model; comparing the generated summaries to boundaries of multiple feature classes within an input space of the machine learning model; computing correspondence metrics based at least in part on the comparisons; identifying, based at least in part on the computed metrics, one or more of the multiple users as candidates for extracting portions of the machine learning model in an adversarial manner; and generating and outputting an alert, based on the identified users, to an entity related to the machine learning model.