Token-Level Constraint Boundary Search for Jailbreaking Text-to-Image Models
This addresses security risks in text-to-image generation for users and developers by enabling more effective adversarial attacks, though it is incremental as it builds on existing jailbreak techniques.
The paper tackles the problem of jailbreaking text-to-image models to bypass safety defenses by proposing TCBS-Attack, which searches for tokens near decision boundaries to generate adversarial prompts, achieving an ASR-4 of 45% and ASR-1 of 21% on full-chain models, outperforming state-of-the-art methods.
Recent advancements in Text-to-Image (T2I) generation have significantly enhanced the realism and creativity of generated images. However, such powerful generative capabilities pose risks related to the production of inappropriate or harmful content. Existing defense mechanisms, including prompt checkers and post-hoc image checkers, are vulnerable to sophisticated adversarial attacks. In this work, we propose TCBS-Attack, a novel query-based black-box jailbreak attack that searches for tokens located near the decision boundaries defined by text and image checkers. By iteratively optimizing tokens near these boundaries, TCBS-Attack generates semantically coherent adversarial prompts capable of bypassing multiple defensive layers in T2I models. Extensive experiments demonstrate that our method consistently outperforms state-of-the-art jailbreak attacks across various T2I models, including securely trained open-source models and commercial online services like DALL-E 3. TCBS-Attack achieves an ASR-4 of 45\% and an ASR-1 of 21\% on jailbreaking full-chain T2I models, significantly surpassing baseline methods.