Managing use of inference models trained to reduce reconstructability of input features

What is claimed is: 1 . A method for managing use of inference models, the method comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstructability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result. 2 . The method of claim 1 , wherein the weight freezing process during the training process is for a portion of weights with respect to the shared body portion, and is performed when a training cycle of the training process tempers an impact of a previously performed untraining cycle of the training process. 3 . The method of claim 1 , further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; performing an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and treating the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model. 4 . The method of claim 3 , wherein obtaining the multipath inference model comprises: freezing the shared body portion; and while the shared body portion is frozen: performing a second training process using a second training data set to obtain the second inference generation path. 5 . The method of claim 4 , wherein the second training data set comprises input values and labels for the input values that comprise the input values. 6 . The method of claim 3 , wherein while the shared body portion is frozen, values of weights of hidden layers of the updated shared body portion are not modified during the first training process. 7 . The method of claim 6 , wherein the values of the weights of the hidden layers of the updated shared body portion are set during a previously performed training process completed prior to the updated shared body portion being frozen and the previously performed training process using a first training data set to obtain the first inference generation path. 8 . The method of claim 4 , wherein performing the untraining process comprises: performing a third training process using a second training data set to obtain a second shared body portion and to reduce the ability of the second inference generation path to infer input features; freezing the second shared body portion; and while the second shared body portion is frozen: performing a fourth training process using the second training data set to increase the ability of the second inference generation path to infer the input features and obtain an updated reconstruction head portion. 9 . The method of claim 8 , wherein performing the untraining process further comprises: making a determination, using the second shared body portion and the updated reconstruction head portion, regarding whether a level of reconstructability of an input feature exceeds a reconstructability threshold; and in an instance of the determination in which the level of reconstructability of the input feature exceeds the reconstructability threshold: modifying the multipath inference model to disallow training based on the input feature and to obtain the updated shared body portion. 10 . The method of claim 9 , wherein modifying the multipath inference model comprises: freezing a portion of the weights of the second shared body portion that correspond to the input feature; performing a fifth training process for the first inference generation path while the portion of the weights are frozen to obtain a third shared body portion; freezing the third shared body portion; performing a sixth training process for the second inference generation path while the third shared body portion is frozen to obtain a second updated reconstruction head portion; and performing a second untraining process using the third shared body portion and the second updated reconstruction head portion to further reduce the ability of the second inference generation path to infer the input feature and to obtain the updated shared body portion. 11 . The method of claim 10 , wherein freezing the portion of the weights of the second shared body portion that correspond to the input feature prevents the first inference generation path from being trained based on the input feature during the fifth training process. 12 . The method of claim 1 , wherein the second location has access to input data for the input data attack resistant inference model and the location does not have access to the input data. 13 . The method of claim 1 , wherein the input data attack resistant inference model is trained to prevent inferences generated by the input data attack resistant inference model being usable to infer the input features used to generate the inferences. 14 . The method of claim 1 , wherein the model repository comprises: at least one input data attack resistant inference model; and at least one inference model that is not an input data attack resistant inference model. 15 . A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being based, at least in part, on a training process that comprises a weight freezing process based on levels of reconstructability of input features based on inferences generated by the input data attack resistance inference model; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the p