Identifying Models Behind Text-to-Image Leaderboards

Text-to-image (T2I) models are increasingly popular, producing a large share of AI-generated images online. To compare model quality, voting-based leaderboards have become the standard, relying on anonymized model outputs for fairness. In this work, we show that such anonymity can be easily broken. We find that generations from each T2I model form distinctive clusters in the image embedding space, enabling accurate deanonymization without prompt control or training data. Using 22 models and 280 prompts (150K images), our centroid-based method achieves high accuracy and reveals systematic model-specific signatures. We further introduce a prompt-level distinguishability metric and conduct large-scale analyses showing how certain prompts can lead to near-perfect distinguishability. Our findings expose fundamental security flaws in T2I leaderboards and motivate stronger anonymization defenses.

Key Contributions

• Centroid-based deanonymization method that identifies which T2I model produced anonymized leaderboard outputs using image embedding clusters, without prompt control or training data access
• Prompt-level distinguishability metric to quantify how much a given prompt separates model outputs, identifying prompts that yield near-perfect model attribution
• Large-scale empirical analysis (22 models, 280 prompts, 150K images) exposing systematic model-specific signatures as a fundamental security flaw in voting-based T2I leaderboards

🛡️ Threat Analysis

Details

Similar Papers