Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes
- URL: http://arxiv.org/abs/2602.22197v1
- Date: Wed, 25 Feb 2026 18:46:30 GMT
- Title: Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes
- Authors: Xavier Pleimling, Sifat Muhammad Abdullah, Gunjan Balde, Peng Gao, Mainack Mondal, Murtuza Jadliwala, Bimal Viswanath
- Abstract summary: We show that off-the-shelf image-to-image GenAI models can be repurposed as generic "denoisers" using a simple text prompt. Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security.
- Score: 16.291584448627372
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Advances in Generative AI (GenAI) have led to the development of various protection strategies to prevent the unauthorized use of images. These methods rely on adding imperceptible protective perturbations to images to thwart misuse such as style mimicry or deepfake manipulations. Although previous attacks on these protections required specialized, purpose-built methods, we demonstrate that this is no longer necessary. We show that off-the-shelf image-to-image GenAI models can be repurposed as generic "denoisers" using a simple text prompt, effectively removing a wide range of protective perturbations. Across 8 case studies spanning 6 diverse protection schemes, our general-purpose attack not only circumvents these defenses but also outperforms existing specialized attacks while preserving the image's utility for the adversary. Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security. We stress the urgent need to develop robust defenses and establish that any future protection mechanism must be benchmarked against attacks from off-the-shelf GenAI models. Code is available in this repository: https://github.com/mlsecviswanath/img2imgdenoiser
Related papers
- Adapter Shield: A Unified Framework with Built-in Authentication for Preventing Unauthorized Zero-Shot Image-to-Image Generation [74.5813283875938]
Zero-shot image-to-image generation poses substantial risks related to intellectual property violations. This work presents Adapter Shield, the first universal and authentication-integrated solution aimed at defending personal images from misuse. Our method surpasses existing state-of-the-art defenses in blocking unauthorized zero-shot image synthesis.
arXiv Detail & Related papers (2025-11-25T04:49:16Z)
- Fragile by Design: On the Limits of Adversarial Defenses in Personalized Generation [26.890796322896346]
Defense mechanisms like Anti-DreamBooth attempt to mitigate the risk of facial identity leakage. We identify two critical yet overlooked limitations of these methods. Results reveal that none of the current methods maintains their protective effectiveness under such threats.
arXiv Detail & Related papers (2025-11-13T14:56:25Z)
- SafeGuider: Robust and Practical Content Safety Control for Text-to-Image Models [74.11062256255387]
Text-to-image models are highly vulnerable to adversarial prompts, which can bypass safety measures and produce harmful content. We introduce SafeGuider, a two-step framework designed for robust safety control without compromising generation quality. SafeGuider demonstrates exceptional effectiveness in minimizing attack success rates, achieving a maximum rate of only 5.48% across various attack scenarios.
arXiv Detail & Related papers (2025-10-05T10:24:48Z)
- Anti-Tamper Protection for Unauthorized Individual Image Generation [12.863447377767182]
Anti-Tamper Perturbation (ATP) is a tamper-proof mechanism within the perturbation. ATP demonstrates its effectiveness in defending forgery attacks across various attack settings.
arXiv Detail & Related papers (2025-08-05T20:34:25Z)
- Leveraging Generalizability of Image-to-Image Translation for Enhanced Adversarial Defense [2.441856543314551]
Adversarial attacks highlight a critical vulnerability in machine learning models. This study introduces an improved model that incorporates residual blocks to enhance generalizability. Experiments show that our model can restore the classification accuracy from near zero to an average of 72%.
arXiv Detail & Related papers (2025-04-02T06:38:28Z)
- Tit-for-Tat: Safeguarding Large Vision-Language Models Against Jailbreak Attacks via Adversarial Defense [90.71884758066042]
Large vision-language models (LVLMs) introduce a unique vulnerability: susceptibility to malicious attacks via visual inputs. We propose ESIII (Embedding Security Instructions Into Images), a novel methodology for transforming the visual space from a source of vulnerability into an active defense mechanism.
arXiv Detail & Related papers (2025-03-14T17:39:45Z)
- Antelope: Potent and Concealed Jailbreak Attack Strategy [7.970002819722513]
Antelope is a more robust and covert jailbreak attack strategy designed to expose security vulnerabilities inherent in generative models. We successfully exploit the transferability of model-based attacks to penetrate online black-box services.
arXiv Detail & Related papers (2024-12-11T07:22:51Z)
- Pixel Is Not a Barrier: An Effective Evasion Attack for Pixel-Domain Diffusion Models [9.905296922309157]
Diffusion Models have emerged as powerful generative models for high-quality image synthesis, with many subsequent image editing techniques based on them. Previous works have attempted to safeguard images from diffusion-based editing by adding imperceptible perturbations. Our work proposes a novel attack framework, AtkPDM, which exploits vulnerabilities in denoising UNets and a latent optimization strategy to enhance the naturalness of adversarial images.
arXiv Detail & Related papers (2024-08-21T17:56:34Z)
- Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI [61.35083814817094]
Several protection tools against style mimicry have been developed that incorporate small adversarial perturbations into artworks published online. We find that low-effort and "off-the-shelf" techniques, such as image upscaling, are sufficient to create robust mimicry methods that significantly degrade existing protections. We caution that tools based on adversarial perturbations cannot reliably protect artists from the misuse of generative AI.
arXiv Detail & Related papers (2024-06-17T18:51:45Z)
- Fingerprinting Image-to-Image Generative Adversarial Networks [53.02510603622128]
Generative Adversarial Networks (GANs) have been widely used in various application scenarios.
This paper presents a novel fingerprinting scheme for the Intellectual Property protection of image-to-image GANs based on a trusted third party.
arXiv Detail & Related papers (2021-06-19T06:25:10Z)
- Online Alternate Generator against Adversarial Attacks [144.45529828523408]
Deep learning models are notoriously sensitive to adversarial examples which are synthesized by adding quasi-perceptible noises on real images.
We propose a portable defense method, online alternate generator, which does not need to access or modify the parameters of the target networks.
The proposed method works by online synthesizing another image from scratch for an input image, instead of removing or destroying adversarial noises.
arXiv Detail & Related papers (2020-09-17T07:11:16Z)
This list is automatically generated from the titles and abstracts of the papers in this site.