An indicator for effectiveness of text-to-image guardrails utilizing the Single-Turn Crescendo Attack (STCA)

TL;DR

This paper introduces an indicator to evaluate the robustness of text-to-image guardrails using the Single-Turn Crescendo Attack (STCA), demonstrating how effectively it can bypass safeguards in models like DALL-E 3.

Contribution

It extends the STCA method to text-to-image models and provides a framework for benchmarking guardrail effectiveness against adversarial attacks.

Findings

STCA successfully bypasses DALL-E 3 guardrails

Comparable outputs to uncensored models achieved

Framework for evaluating guardrail robustness established

Abstract

The Single-Turn Crescendo Attack (STCA), first introduced in Aqrawi and Abbasi [2024], is an innovative method designed to bypass the ethical safeguards of text-to-text AI models, compelling them to generate harmful content. This technique leverages a strategic escalation of context within a single prompt, combined with trust-building mechanisms, to subtly deceive the model into producing unintended outputs. Extending the application of STCA to text-to-image models, we demonstrate its efficacy by compromising the guardrails of a widely-used model, DALL-E 3, achieving outputs comparable to outputs from the uncensored model Flux Schnell, which served as a baseline control. This study provides a framework for researchers to rigorously evaluate the robustness of guardrails in text-to-image models and benchmark their resilience against adversarial attacks.