TwoHamsters: Benchmarking Multi-Concept Compositional Unsafety in Text-to-Image Models
This work highlights a critical oversight in safety alignment for T2I models, revealing that existing defenses fail against compositional unsafe semantics, which is important for developers and regulators of generative AI.
The paper identifies a novel vulnerability in text-to-image models called Multi-Concept Compositional Unsafety (MCCU), where unsafe content arises from benign concepts combined. They introduce TwoHamsters, a benchmark of 17.5k prompts, and find that current models and defenses are severely vulnerable, with FLUX achieving 99.52% MCCU success and LLaVA-Guard only 41.06% recall.
Despite the remarkable synthesis capabilities of text-to-image (T2I) models, safeguarding them against content violations remains a persistent challenge. Existing safety alignments primarily focus on explicit malicious concepts, often overlooking the subtle yet critical risks of compositional semantics. To address this oversight, we identify and formalize a novel vulnerability: Multi-Concept Compositional Unsafety (MCCU), where unsafe semantics stem from the implicit associations of individually benign concepts. Based on this formulation, we introduce TwoHamsters, a comprehensive benchmark comprising 17.5k prompts curated to probe MCCU vulnerabilities. Through a rigorous evaluation of 10 state-of-the-art models and 16 defense mechanisms, our analysis yields 8 pivotal insights. In particular, we demonstrate that current T2I models and defense mechanisms face severe MCCU risks: on TwoHamsters, FLUX achieves an MCCU generation success rate of 99.52%, while LLaVA-Guard only attains a recall of 41.06%, highlighting a critical limitation of the current paradigm for managing hazardous compositional generation.