Architecture-Agnostic Feature Synergy for Universal Defense Against Heterogeneous Generative Threats

TL;DR

This paper introduces ATFS, a universal defense framework that aligns high-level features across diverse generative models to effectively protect against heterogeneous threats, overcoming limitations of architecture-specific defenses.

Contribution

We propose a novel, architecture-agnostic feature alignment method that enhances robustness against diverse generative threats without complex modifications.

Findings

Achieves state-of-the-art protection in heterogeneous scenarios

Converges rapidly within 40 iterations to over 90% performance

Maintains robustness under compression and scaling attacks

Abstract

Generative AI deployment poses unprecedented challenges to content safety and privacy. However, existing defense mechanisms are often tailored to specific architectures (e.g., Diffusion Models or GANs), creating fragile "defense silos" that fail against heterogeneous generative threats. This paper identifies a fundamental optimization barrier in naive pixel-space ensemble strategies: due to divergent objective functions, pixel-level gradients from heterogeneous generators become statistically orthogonal, causing destructive interference. To overcome this, we observe that despite disparate low-level mechanisms, high-level feature representations of generated content exhibit alignment across architectures. Based on this, we propose the Architecture-Agnostic Targeted Feature Synergy (ATFS) framework. By introducing a target guidance image, ATFS reformulates multi-model defense as a unified feature space alignment task, enabling intrinsic gradient alignment without complex rectification. Extensive experiments show ATFS achieves SOTA protection in heterogeneous scenarios (e.g., Diffusion+GAN). It converges rapidly, reaching over 90% performance within 40 iterations, and maintains strong attack potency even under tight perturbation budgets. The framework seamlessly extends to unseen architectures (e.g., VQ-VAE) by switching the feature extractor, and demonstrates robust resistance to JPEG compression and scaling. Being computationally efficient and lightweight, ATFS offers a viable pathway to dismantle defense silos and enable universal generative security. Code and models are open-sourced for reproducibility.