Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes

Advances in Generative AI (GenAI) have led to the development of various protection strategies to prevent the unauthorized use of images. These methods rely on adding imperceptible protective perturbations to images to thwart misuse such as style mimicry or deepfake manipulations. Although previous attacks on these protections required specialized, purpose-built methods, we demonstrate that this is no longer necessary. We show that off-the-shelf image-to-image GenAI models can be repurposed as generic ``denoisers" using a simple text prompt, effectively removing a wide range of protective perturbations. Across 8 case studies spanning 6 diverse protection schemes, our general-purpose attack not only circumvents these defenses but also outperforms existing specialized attacks while preserving the image's utility for the adversary. Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security. We stress the urgent need to develop robust defenses and establish that any future protection mechanism must be benchmarked against attacks from off-the-shelf GenAI models. Code is available in this repository: https://github.com/mlsecviswanath/img2imgdenoiser

Key Contributions

• Shows that off-the-shelf image-to-image generative models can be repurposed as generic denoisers via simple text prompts, requiring no attack-specific engineering
• Evaluates the approach across 8 case studies spanning 6 diverse image protection schemes (style mimicry and deepfake prevention), outperforming existing specialized attacks while preserving image utility
• Establishes a new baseline requirement: future image protection mechanisms must be benchmarked against off-the-shelf GenAI model attacks

🛡️ Threat Analysis

Details

Similar Papers