CV · Aug 20, 2024

Perception-guided Jailbreak against Text-to-Image Models

arXiv:2408.10848v4 · 38 citations · h-index: 29 · Has Code
Originality: Incremental advance
AI Analysis

This work is relevant to the security concerns of users and developers of T2I models because it demonstrates jailbreak attacks against such models, though it is an incremental advance that builds on existing jailbreak techniques.

The paper tackles the problem of generating inappropriate images from Text-to-Image models by proposing a perception-guided jailbreak method that uses safe phrases as substitutions for unsafe words, achieving verified effectiveness across six open-source models and commercial services.

In recent years, Text-to-Image (T2I) models have garnered significant attention due to their remarkable advancements. However, security concerns have emerged due to their potential to generate inappropriate or Not-Safe-For-Work (NSFW) images. In this paper, inspired by the observation that texts with different semantics can lead to similar human perceptions, we propose an LLM-driven perception-guided jailbreak method, termed PGJ. It is a black-box jailbreak method that requires no specific T2I model (model-free) and generates highly natural attack prompts. Specifically, we propose identifying a safe phrase that is similar in human perception yet inconsistent in text semantics with the target unsafe word and using it as a substitution. The experiments conducted on six open-source models and commercial online services with thousands of prompts have verified the effectiveness of PGJ.
