Training data protection in artificial intelligence model execution environment
US-12216758-B2 · Feb 4, 2025 · US
US2025371142A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025371142-A1 |
| Application number | US-202418678569-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 30, 2024 |
| Priority date | May 30, 2024 |
| Publication date | Dec 4, 2025 |
| Grant date | — |
Official abstract text for this publication.
Methods, systems, and devices for providing computer-implemented services are disclosed. To provide the computer-implemented services, inference models may be deployed to locations. Prior to deploying an inference model to a location, it may be determined whether the location is trustworthy. If the location is determined to not be trustworthy, an input data attack resistant inference model may be selected and deployed. The input data attack resistant inference model may be trained to impart reconstruction resistance to sensitive information during inference generation based on a schema for weighting the sensitive information for reconstruction resistance. The training process may decrease a likelihood of the inferences generated by the input data attack resistant inference model being usable to reconstruct the sensitive information.
Opening claim text (preview).
What is claimed is:

1. A method for managing use of inference models, the method comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation based on a schema for weighting, at least, the input features for reconstruction resistance; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data attack resistant inference model to a second location that is trustworthy; obtaining, at the location, an inference model result using the prediction head portion and the shared body portion; and providing computer-implemented services based on the inference model result.

2. The method of claim 1, wherein the schema for weighting, at least, the input features for reconstruction resistance indicates a reconstruction score threshold for an input feature of the input features based on a level of sensitivity for the input feature, the level of sensitivity being based on a level of impact of undesired access to the input feature.

3. The method of claim 2, wherein the reconstruction score threshold indicates an acceptable degree of reconstructability for the input feature and the reconstruction score threshold decreases as the level of sensitivity for the input feature increases.

4. The method of claim 3, wherein the level of sensitivity increases as information content of the input feature increases.

5. The method of claim 4, wherein the information content is based on at least one of variability of the input feature, and public accessibility of information regarding the input feature.

6. The method of claim 1, wherein the schema for weighting, at least, the input features for reconstruction resistance indicates a reconstruction score threshold for a portion of derived data based on at least one of the input features.

7. The method of claim 6, wherein the portion of the derived data is not used as input to the input data attack resistant inference model and is not output by the input data attack resistant inference model.

8. The method of claim 1, further comprising: prior to identifying the occurrence of the inference model deployment event: obtaining a multipath inference model comprising: a first inference generation path comprising the prediction head portion and the shared body portion; and a second inference generation path comprising a reconstruction head portion and the shared body portion, the second inference generation path being trained to infer input features ingested by the second inference generation path; obtaining, using the schema, a set of reconstruction score thresholds associated with at least the input features; performing, based on the set of the reconstruction score thresholds, an untraining process for the second inference generation path to reduce an ability of the second inference generation path to infer the input features and to update the shared body portion; performing a first training process for the first inference generation path while the updated shared body portion is frozen to obtain an updated prediction head portion; and using the updated prediction head portion and the updated shared body portion as the input data attack resistant inference model.

9. The method of claim 8, wherein obtaining the multipath inference model comprises: freezing the shared body portion; and while the shared body portion is frozen: performing a second training process using a second training data set to obtain the second inference generation path.

10. The method of claim 9, wherein while the shared body portion is frozen, values of weights of hidden layers of the shared body portion are not modified during the second training process.

11. The method of claim 10, wherein the values of the weights of the hidden layers of the shared body portion are set during a previously performed training process completed prior to the shared body portion being frozen and the previously performed training process using a first training data set to obtain the first inference generation path.

12. The method of claim 8, wherein obtaining the set of the reconstruction score thresholds comprises: obtaining a test data set comprising instances of the input features; performing, using the test data set, an input feature sensitivity analysis process to obtain levels of sensitivity for, at least, the input features; and assigning reconstruction score thresholds to, at least, each input feature of the input features based on the levels of sensitivity.

13. The method of claim 8, wherein performing the untraining process comprises: performing a third training process using a second training data set to obtain an updated shared body portion and to reduce the ability of the second inference generation path to infer, at least, the input features; freezing the updated shared body portion; and while the updated shared body portion is frozen: performing a fourth training process using the second training data set to increase the ability of the second inference generation path to infer, at least, the input features and obtain an updated reconstruction head portion.

14. The method of claim 13, wherein performing the untraining process further comprises: making a determination, using the updated shared body portion and the updated reconstruction head portion, regarding whether a reconstruction score for a first input feature of the input features falls below a reconstruction score threshold associated with the first input feature; in an instance of the determination in which the reconstruction score falls below the reconstruction score threshold: concluding that the updated shared body portion is to be used to update the first inference generation path.

15. The method of claim 1, wherein the second location has access to input data for the inference model and the location does not have access to the input data.

16. The method of claim 1, wherein the model repository comprises: at least one input data attack resistant inference model; and at least one non-input data attack resistant inference model.

17. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing use of inference models, the operations comprising: identifying an occurrence of an inference model deployment event for a location; based on the occurrence, making a determination regarding whether the location is trustworthy; in a first instance of the determination in which the location is not trustworthy: selecting, from a model repository, an input data attack resistant inference model, the input data attack resistant inference model being trained to impart reconstruction resistance to, at least, input features during inference generation based on a schema for weighting, at least, the input features for reconstruction resistance; initiating deployment of a prediction head portion of the input data attack resistant inference model to the location and a shared body portion of the input data at
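
An added illustration of the threshold schema in claims 2 to 5, 12 and 14, not code from the patent or its applicant: per-feature reconstruction score thresholds are derived from a test data set and then used to decide whether an untrained shared body is accepted. The entropy-based sensitivity measure, the halving for publicly accessible features, the 0.9 and 0.1 bounds, and all feature names and scores are assumptions constructed for this example.

```python
import math
from collections import Counter

def information_content(values):
    """Shannon entropy in bits of the observed values (stand-in for 'variability')."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def sensitivity(values, publicly_accessible):
    """Assumed mapping to [0, 1]: normalized entropy, halved for publicly known features."""
    max_bits = math.log2(len(values)) if len(values) > 1 else 1.0
    level = information_content(values) / max_bits
    return level * (0.5 if publicly_accessible else 1.0)

def threshold(level, ceiling=0.9, floor=0.1):
    """Acceptable reconstructability; falls linearly as sensitivity rises (claim 3)."""
    return ceiling - (ceiling - floor) * level

def build_schema(test_set, public_features):
    """Claim 12: sensitivity analysis over a test data set, then one threshold per feature."""
    return {name: threshold(sensitivity(vals, name in public_features))
            for name, vals in test_set.items()}

def body_accepted(schema, scores):
    """Claim 14 gate: the shared body is kept only if every score is below its threshold."""
    failing = sorted(f for f, limit in schema.items() if scores[f] >= limit)
    return not failing, failing

# Constructed test data set: four records, three input features.
TEST_SET = {
    "account_id": ["a1", "b2", "c3", "d4"],          # every value distinct
    "region":     ["east", "east", "west", "west"],  # listed as public below
    "currency":   ["USD", "USD", "USD", "USD"],      # no variability
}
SCHEMA = build_schema(TEST_SET, public_features={"region"})

# Constructed reconstruction scores measured after two untraining rounds.
ROUND_1 = {"account_id": 0.25, "region": 0.40, "currency": 0.50}
ROUND_2 = {"account_id": 0.05, "region": 0.40, "currency": 0.50}

if __name__ == "__main__":
    for name, limit in SCHEMA.items():
        print(f"{name:<11} threshold={limit:.2f}")
    print("round 1:", body_accepted(SCHEMA, ROUND_1))
    print("round 2:", body_accepted(SCHEMA, ROUND_2))
```

The most variable, non-public feature receives the lowest threshold, so it is the one that blocks acceptance in the first round while the less sensitive features already pass.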
involving event detection and direct action · CPC title
Test or assess a computer or a system · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title