PromptLA: Towards Integrity Verification of Black-box Text-to-Image Diffusion Models
This addresses regulatory challenges for AI deployment by providing a method to verify model integrity, which is incremental as it applies existing statistical techniques to a new domain.
The paper tackles the problem of verifying the integrity of black-box text-to-image diffusion models to detect malicious fine-tuning for illegal content generation, achieving a mean AUC of over 0.96 in detection, which exceeds baselines by more than 0.2.
Despite the impressive synthesis quality of text-to-image (T2I) diffusion models, their black-box deployment poses significant regulatory challenges: Malicious actors can fine-tune these models to generate illegal content, circumventing existing safeguards through parameter manipulation. Therefore, it is essential to verify the integrity of T2I diffusion models. To this end, considering the randomness within the outputs of generative models and the high costs in interacting with them, we discern model tampering via the KL divergence between the distributions of the features of generated images. We propose a novel prompt selection algorithm based on learning automaton (PromptLA) for efficient and accurate verification. Evaluations on four advanced T2I models (e.g., SDXL, FLUX.1) demonstrate that our method achieves a mean AUC of over 0.96 in integrity detection, exceeding baselines by more than 0.2, showcasing strong effectiveness and generalization. Additionally, our approach achieves lower cost and is robust against image-level post-processing. To the best of our knowledge, this paper is the first work addressing the integrity verification of T2I diffusion models, which establishes quantifiable standards for AI copyright litigation in practice.