Sheejith's Personal Site

"Poison pill" could sabotage AI trained with unlicensed images

Artists looking to protect their works from AI models may soon be able add invisible pixels to their art that could thwart image-generating model seeking to copy and train on that art.

The big picture: The goal of this "poison pill" is to trick an AI model during its training phase into cataloging an image as something other than it is, causing the model to generate useless results.

Why it matters: The tool (called "Nightshade") gives creators a way to penalize AI developers who try to use their work without permission, attribution and compensation — without resorting to a lawsuit.

Ben Zhao, a University of Chicago professor and the lead developer of Nightshade, told Axios that it takes less than a few hundred poisoned images to severely damage new versions of a model such as DALL-E, Midjourney or Stable Diffusion.
Zhao proposes Nightshade "as a last defense for content creators against web scrapers that ignore opt-out/do-not-crawl directives."

How it works: Nightshade's creators say their "prompt-specific poisoning attacks" can undermine how AI models categorize specific images.They have outlined their work in a paper that is yet to be peer reviewed.

They frame their innovation as a counter-offensive against AI developers scraping the open internet for content.
"Data poisoning attacks manipulate training data to introduce unexpected behaviors into machine learning models at training time ... effectively disabling its ability to generate meaningful images," according to the research paper.
The effect is for animals to be labeled as plants, or buildings as flowers, and for these errors to create further problems in the model's general features.
Nightshade will be open to all developers, and also integrated be into an existing tool called Glaze.

Posted on: 10/28/2023 3:38:01 AM


You must be logged in to enter talkback comments.