Warfare: Breaking the Watermark Protection of AI-Generated Content
This work addresses security risks in regulating AI-generated content, which is crucial for preventing policy violations like unauthorized commercialization, though it is incremental as it builds on existing attack methods.
The paper tackles the vulnerability of watermarking for AI-generated content by demonstrating two attacks: watermark removal to evade regulation and watermark forging to cause misattribution, achieving high success rates while preserving content quality.
AI-Generated Content (AIGC) is rapidly expanding, with services using advanced generative models to create realistic images and fluent text. Regulating such content is crucial to prevent policy violations, such as unauthorized commercialization or unsafe content distribution. Watermarking is a promising solution for content attribution and verification, but we demonstrate its vulnerability to two key attacks: (1) Watermark removal, where adversaries erase embedded marks to evade regulation, and (2) Watermark forging, where they generate illicit content with forged watermarks, leading to misattribution. We propose Warfare, a unified attack framework leveraging a pre-trained diffusion model for content processing and a generative adversarial network for watermark manipulation. Evaluations across datasets and embedding setups show that Warfare achieves high success rates while preserving content quality. We further introduce Warfare-Plus, which enhances efficiency without compromising effectiveness. The code is available at https://github.com/GuanlinLee/warfare.