Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes
This reveals a critical vulnerability in current image protection methods, indicating they provide a false sense of security, which is a problem for developers and users relying on these defenses against misuse like deepfakes.
The paper tackled the problem of defeating image protection schemes by showing that off-the-shelf image-to-image generative AI models can be repurposed as generic denoisers to remove protective perturbations, outperforming specialized attacks across 8 case studies and 6 diverse schemes.
Advances in Generative AI (GenAI) have led to the development of various protection strategies to prevent the unauthorized use of images. These methods rely on adding imperceptible protective perturbations to images to thwart misuse such as style mimicry or deepfake manipulations. Although previous attacks on these protections required specialized, purpose-built methods, we demonstrate that this is no longer necessary. We show that off-the-shelf image-to-image GenAI models can be repurposed as generic ``denoisers" using a simple text prompt, effectively removing a wide range of protective perturbations. Across 8 case studies spanning 6 diverse protection schemes, our general-purpose attack not only circumvents these defenses but also outperforms existing specialized attacks while preserving the image's utility for the adversary. Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security. We stress the urgent need to develop robust defenses and establish that any future protection mechanism must be benchmarked against attacks from off-the-shelf GenAI models. Code is available in this repository: https://github.com/mlsecviswanath/img2imgdenoiser