ART: Automatic Red-teaming for Text-to-Image Models to Protect Benign Users

TL;DR

This paper introduces ART, an automatic red-teaming framework that uses vision-language and large language models to identify safety vulnerabilities in text-to-image models, revealing their toxicity and safety risks.

Contribution

The paper presents a novel automated approach for systematically evaluating safety risks in text-to-image models, including new datasets and validation of ART's effectiveness.

Findings

Revealed toxicity in popular open-source text-to-image models

Validated ART's effectiveness, adaptability, and diversity

Provided large-scale red-teaming datasets for safety risk analysis

Abstract

Large-scale pre-trained generative models are taking the world by storm, due to their abilities in generating creative content. Meanwhile, safeguards for these generative models are developed, to protect users' rights and safety, most of which are designed for large language models. Existing methods primarily focus on jailbreak and adversarial attacks, which mainly evaluate the model's safety under malicious prompts. Recent work found that manually crafted safe prompts can unintentionally trigger unsafe generations. To further systematically evaluate the safety risks of text-to-image models, we propose a novel Automatic Red-Teaming framework, ART. Our method leverages both vision language model and large language model to establish a connection between unsafe generations and their prompts, thereby more efficiently identifying the model's vulnerabilities. With our comprehensive experiments, we reveal the toxicity of the popular open-source text-to-image models. The experiments also validate the effectiveness, adaptability, and great diversity of ART. Additionally, we introduce three large-scale red-teaming datasets for studying the safety risks associated with text-to-image models. Datasets and models can be found in https://github.com/GuanlinLee/ART.