New study warns that everyday AI tools are defeating state-of-the-art image protections – UT San Antonio Today


Artists, photographers and content creators have long turned to largely unseen digital protections to guard their work from being copied, manipulated or fed into AI systems without their permission. New research led in part by UT San Antonio reveals those protections may not be holding up.
Murtuza Jadliwala, PhD, computer science professor at UT San Antonio, partnered with researchers at Virginia Tech and Institute of Technology Kharagpur (India) on a study that found widely available AI tools can strip away state-of-the-art image protections using nothing more than a simple text prompt. No specialized hacking skills or custom-built attacks were needed — just an off-the-shelf AI model and a basic instruction to clean up an image.
“You can take a model like GPT-4o, which is quite easily available publicly, translate the image and then abuse that image in any way you like,” explained Bimal Viswanath, a researcher at Virginia Tech and co-lead on the study. “In essence, deepfakes would continue to be a problem even though you have these protections right now.”
As generative AI rose in popularity, researchers developed invisible protections embedded into images and designed to prevent AI models from learning or copying them.
The research team sought to explore how well those cloaks actually hold up. The team demonstrated this security vulnerability across eight case studies spanning six different protection schemes, including tools designed to prevent deepfakes and art-style mimicry and to embed traceable watermarks. They also showed that this simple attack, using foundation models like FLUX and GPT-4o prompted with an instruction such as “denoise this image,” can even outperform existing sophisticated attacks designed to remove such protections.
“It was indeed a surprise that we could so easily remove the protections,” Viswanath said. “These are very state-of-the-art schemes, each catering to different aspects of protection — and we found these serious weaknesses.”
Jadliwala describes the situation as a vicious cycle.
“It’s kind of like a cat and mouse game,” he said. “Researchers come up with these protection techniques — hiding an invisible signal into images to protect them. But at the same time, these models themselves are powerful enough to remove these signals very easily.”
For artists and creators, the stakes couldn’t be more real. Once a protected image is published online, an artist has no opportunity to update or strengthen that protection. A bad actor, however, has unlimited attempts to take advantage.
“You’re an artist and you don’t want anyone copying your style,” Viswanath said. “You protect your image, it’s out there — and you can’t fix it afterwards. But an adversary has innumerable chances at defeating that protection once it is out there.”
The team stresses a clear and urgent message to the AI security community: the development of robust defenses cannot wait, and any future protection mechanism must be benchmarked against off-the-shelf GenAI models from the beginning, not as an afterthought.
“If foundation models are able to remove these protective signals very easily, then you don’t need all these fancy attacks (against them) proposed in the literature,” Jadliwala said. “The resilience of image protection schemes against removal by frontier AI models should serve as a fundamental benchmark in evaluating their effectiveness.”