AEIOU: A Unified Defense Framework against NSFW Prompts in Text-to-Image Models

TL;DR

AEIOU is a versatile, efficient, and interpretable framework that enhances safety in text-to-image models by accurately detecting NSFW prompts using hidden state features, outperforming existing moderation tools.

Contribution

This paper introduces AEIOU, a novel unified defense framework that leverages hidden state features for accurate, real-time NSFW prompt detection in T2I models, with broad adaptability and improved efficiency.

Findings

Achieves over 95% accuracy across datasets.

Improves detection efficiency by at least tenfold.

Effectively counters adaptive and multi-label attacks.

Abstract

As text-to-image (T2I) models advance and gain widespread adoption, their associated safety concerns are becoming increasingly critical. Malicious users exploit these models to generate Not-Safe-for-Work (NSFW) images using harmful or adversarial prompts, underscoring the need for effective safeguards to ensure the integrity and compliance of model outputs. However, existing detection methods often exhibit low accuracy and inefficiency. In this paper, we propose AEIOU, a defense framework that is adaptable, efficient, interpretable, optimizable, and unified against NSFW prompts in T2I models. AEIOU extracts NSFW features from the hidden states of the model's text encoder, utilizing the separable nature of these features to detect NSFW prompts. The detection process is efficient, requiring minimal inference time. AEIOU also offers real-time interpretation of results and supports optimization through data augmentation techniques. The framework is versatile, accommodating various T2I architectures. Our extensive experiments show that AEIOU significantly outperforms both commercial and open-source moderation tools, achieving over 95\% accuracy across all datasets and improving efficiency by at least tenfold. It effectively counters adaptive attacks and excels in few-shot and multi-label scenarios.