Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes

TL;DR

This paper demonstrates that off-the-shelf image-to-image generative AI models can effectively bypass existing image protection schemes by acting as generic denoisers, exposing a significant vulnerability in current image security methods.

Contribution

It introduces a simple, universal attack method using standard GenAI models to defeat various image protection schemes, outperforming specialized attacks.

Findings

Universal attack method successfully bypasses multiple protections

Off-the-shelf GenAI models outperform specialized attacks

Many protection schemes are vulnerable to generic denoising attacks

Abstract

Advances in Generative AI (GenAI) have led to the development of various protection strategies to prevent the unauthorized use of images. These methods rely on adding imperceptible protective perturbations to images to thwart misuse such as style mimicry or deepfake manipulations. Although previous attacks on these protections required specialized, purpose-built methods, we demonstrate that this is no longer necessary. We show that off-the-shelf image-to-image GenAI models can be repurposed as generic ``denoisers" using a simple text prompt, effectively removing a wide range of protective perturbations. Across 8 case studies spanning 6 diverse protection schemes, our general-purpose attack not only circumvents these defenses but also outperforms existing specialized attacks while preserving the image's utility for the adversary. Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security. We stress the urgent need to develop robust defenses and establish that any future protection mechanism must be benchmarked against attacks from off-the-shelf GenAI models. Code is available in this repository: https://github.com/mlsecviswanath/img2imgdenoiser