Partitioning for Intrinsic Model Inversion Resistance in Collaborative Inference

In collaborative inference (CI), transmitting intermediate representations $Z$ from edge devices enables model inversion attacks (MIA) that reconstruct the original inputs $X$, while existing defenses mainly perturb shallow-layer $Z$ at the cost of utility. We instead ask where an edge-cloud model should be partitioned to obtain intrinsic resistance to MIA. We challenge the intuition that depth is the driver of MIA resistance, and show that depth is sufficient only insofar as it enables a representational transition; this transition is necessary for intrinsic resistance and is marked by an abrupt rise in the lower bound of $H(X|Z)$. Correspondingly, the decisive variance term in the entropy bound shifts from a global variance to the intra-class mean-squared radius $R_c^2$ rather than dimensionality alone, yielding an $R_c^2$-based criterion to locate the transition zone, or identify it post hoc from MIA outcomes, which we term the Golden Partition Zone (GPZ). We further explain how $R_c^2$ evolves during training and show that it can be controlled through the label distribution; we refer to this controllable dynamic behavior as the Neural Vortex, an analysis-backed explanatory concept. Across four representative deep vision models, partitioning at the GPZ yields more than 4x higher reconstruction MSE compared to shallow splits; under entropy and inversion-model enhancements, decision-level representations provide 66 percent stronger resistance than feature-level ones, and we further observe that data type affects both the transition boundary and reconstruction.