MIT's latest technique immunizes your images from AI manipulation
MIT researchers have created "PhotoGuard," a technique that safeguards images from artificial intelligence (AI) manipulation by using tiny pixel alterations called perturbations. These changes are invisible to the human eye but can be detected by computer models. The tool could help combat the growing risk of AI misuse in the era of powerful image models like DALL-E and Midjourney.
Why does this story matter?
AI image generators have reached a point where even an inexperienced user can create an eerily convincing image from a simple text prompt. That capability can be used to spread misinformation online, as seen in the AI-generated images that put Pope Francis in designer clothes or depicted a hyperrealistic arrest of Donald Trump. PhotoGuard could help curb such misuse.
Encoder attack makes minute adjustments to image's latent representation
PhotoGuard employs two "attack" methods. The simpler "encoder" attack makes minute adjustments to an image's latent representation so that the AI model perceives the image as a random entity, which makes meaningful manipulation of the image nearly impossible. The more advanced "diffusion" attack defines "a target image and optimizes the perturbations to make the final image resemble the target as closely as possible."
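To give a concrete sense of how an encoder-style attack can work, here is a minimal sketch in PyTorch using the Hugging Face diffusers library. This is not PhotoGuard's released code: the model checkpoint, the choice of target latent, and the hyperparameters (eps, step, iters) are illustrative assumptions.

```python
# Minimal sketch of an encoder-style attack (not PhotoGuard's released code).
# Assumes the Hugging Face `diffusers` library and a Stable Diffusion VAE;
# the checkpoint name and all hyperparameters are illustrative.
import torch
import torch.nn.functional as F
from diffusers import AutoencoderKL

device = "cuda" if torch.cuda.is_available() else "cpu"
vae = AutoencoderKL.from_pretrained(
    "CompVis/stable-diffusion-v1-4", subfolder="vae"
).to(device)
vae.requires_grad_(False)  # gradients are only needed w.r.t. the input image


def encoder_attack(image, target_latent, eps=0.06, step=0.01, iters=100):
    """Projected gradient descent that nudges `image` so the VAE encoder
    maps it close to `target_latent` (e.g. the latent of a gray image),
    while keeping the pixel change within an L-infinity budget `eps`."""
    x = image.to(device)  # shape (1, 3, H, W), pixel values in [-1, 1]
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(iters):
        latent = vae.encode(x + delta).latent_dist.mean
        loss = F.mse_loss(latent, target_latent)
        loss.backward()
        with torch.no_grad():
            delta -= step * delta.grad.sign()            # move toward the target latent
            delta.clamp_(-eps, eps)                      # keep the change imperceptible
            delta.copy_(((x + delta).clamp(-1, 1)) - x)  # keep pixel values valid
        delta.grad.zero_()
    return (x + delta).detach()
```

Because the perturbed image now encodes to a latent far from its true content, a model that edits images through this latent space has little meaningful signal to work with.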
Diffusion attack takes on the model itself
The diffusion attack, on the other hand, targets the entire diffusion model. It makes "tiny, invisible" changes to the original image so that, to the AI model, it resembles a chosen target image. As a result, the model inadvertently applies its edits as if it were working on the target image rather than the original.
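The sketch below illustrates the idea behind a diffusion-style attack, again in PyTorch with diffusers rather than PhotoGuard's released code. It re-implements a stripped-down, differentiable image-to-image loop (classifier-free guidance omitted) so a perturbation can be optimized to push the model's output toward a target image; the checkpoint, prompt handling, and hyperparameters are illustrative assumptions.

```python
# Minimal sketch of a diffusion-style attack (not PhotoGuard's released code).
# A simplified, differentiable img2img loop lets gradients flow back to the
# input pixels; checkpoint, prompt, and hyperparameters are illustrative.
import torch
import torch.nn.functional as F
from diffusers import StableDiffusionImg2ImgPipeline, DDIMScheduler

device = "cuda" if torch.cuda.is_available() else "cpu"
pipe = StableDiffusionImg2ImgPipeline.from_pretrained(
    "CompVis/stable-diffusion-v1-4"
).to(device)
pipe.scheduler = DDIMScheduler.from_config(pipe.scheduler.config)
for module in (pipe.vae, pipe.unet, pipe.text_encoder):
    module.requires_grad_(False)  # gradients are only needed w.r.t. the image


def embed_prompt(prompt):
    """Encode an editing prompt with the pipeline's frozen text encoder."""
    tokens = pipe.tokenizer(
        prompt, padding="max_length",
        max_length=pipe.tokenizer.model_max_length, return_tensors="pt",
    )
    return pipe.text_encoder(tokens.input_ids.to(device))[0]


def edit(image, prompt_embeds, num_steps=4, strength=0.5):
    """Differentiable, simplified img2img: encode, add noise, denoise, decode.
    Very few denoising steps keep the large memory cost of backprop manageable."""
    scale = pipe.vae.config.scaling_factor
    pipe.scheduler.set_timesteps(num_steps, device=device)
    timesteps = pipe.scheduler.timesteps[int(num_steps * (1 - strength)):]
    latents = pipe.vae.encode(image).latent_dist.mean * scale
    latents = pipe.scheduler.add_noise(latents, torch.randn_like(latents), timesteps[:1])
    for t in timesteps:
        noise_pred = pipe.unet(latents, t, encoder_hidden_states=prompt_embeds).sample
        latents = pipe.scheduler.step(noise_pred, t, latents).prev_sample
    return pipe.vae.decode(latents / scale).sample


def diffusion_attack(image, target_image, prompt, eps=0.06, step=0.01, iters=50):
    """Optimize a perturbation so the model's edited output resembles `target_image`."""
    prompt_embeds = embed_prompt(prompt)
    x, target = image.to(device), target_image.to(device)
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(iters):
        edited = edit(x + delta, prompt_embeds)
        loss = F.mse_loss(edited, target)  # push the model's edit toward the target
        loss.backward()
        with torch.no_grad():
            delta -= step * delta.grad.sign()
            delta.clamp_(-eps, eps)
            delta.copy_(((x + delta).clamp(-1, 1)) - x)
        delta.grad.zero_()
    return (x + delta).detach()
```

Backpropagating through every denoising step is what makes this variant so much more expensive than the encoder attack, which is why the loop above uses only a handful of steps.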
The alarming consequences of AI manipulation
AI image models can be used for everything from innocent tweaks to harmful alterations, and MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) developed PhotoGuard to tackle these threats. AI image manipulation can affect market trends, public opinion, and personal images, leading to significant financial consequences. In extreme cases, these models could even be used to stage false crimes using simulated voices and images.
Overcoming challenges for secure visuals
PhotoGuard defends against unauthorized AI edits while preserving an image's visual integrity. The diffusion attack, however, is resource-intensive and demands substantial GPU memory, so the researchers suggest using fewer steps in the diffusion process to make the technique more practical. Adding perturbations to an image before uploading it protects it from modification, though the final result of any attempted edit may lack realism compared to edits of the original, non-immunized image.
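As a rough illustration of that before-upload workflow, the snippet below reuses the encoder-attack sketch above to immunize a photo locally before posting it. The file names and the gray target image are hypothetical, and saving as PNG is a precaution against lossy compression weakening the perturbation.

```python
# Hypothetical before-upload workflow, reusing the sketches above.
# File names and the gray target image are illustrative.
import numpy as np
import torch
from PIL import Image

img = Image.open("vacation.jpg").convert("RGB").resize((512, 512))
photo = torch.from_numpy(np.array(img)).float().permute(2, 0, 1)[None] / 127.5 - 1.0

gray = torch.zeros_like(photo).to(device)         # featureless target image
gray_latent = vae.encode(gray).latent_dist.mean   # target for the cheap encoder attack

immunized = encoder_attack(photo, gray_latent)    # low-cost option; diffusion_attack is stronger but heavier
out = ((immunized[0].permute(1, 2, 0).cpu().numpy() + 1.0) * 127.5).clip(0, 255).astype("uint8")
Image.fromarray(out).save("vacation_protected.png")  # PNG avoids lossy compression eroding the perturbation
```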