University of Chicago boffins this week released Nightshade 1.0, a tool built to punish unscrupulous makers of machine learning models who train their systems on data without getting permission first.
Nightshade is an offensive data poisoning tool, a companion to a defensive style protection tool called Glaze, which The Register covered in February last year.
Nightshade poisons image files to give indigestion to models that ingest data without permission. It's intended to make those training image-oriented models respect content creators' wishes about the use of their work.
"Nightshade is computed as a multi-objective optimization that minimizes visible changes to the original image," said the team responsible for the project.
"For example, human eyes might see a shaded image of a cow in a green field largely unchanged, but an AI model might see a large leather purse lying in the grass. "
Nightshade was developed by University of Chicago doctoral students Shawn Shan, Wenxin Ding, and Josephine Passananti, and professors Heather Zheng and Ben Zhao, some of whom also helped with Glaze.
Described in a research paper in October 2023, Nightshade is a prompt-specific poisoning attack. Poisoning an image involves picking a label (e.g. a cat) that describes what's actually depicted in order to blur the boundaries of that concept when the image gets ingested for model training.
So a user of a model trained on Nightshade poisoned images might submit a prompt for a cat and receive notification of an image of a dog or a fish. Unpredictable responses of this sort make text-to-image models significantly less useful, which means model makers have an incentive to ensure that they only train on data that's been offered freely.
"Nightshade can provide a powerful tool for content owners to protect their intellectual property against model trainers that disregard or ignore copyright notices, do-not-scrape/crawl directives, and opt-out lists," the authors state in their paper.
The failure to consider the wishes of artwork creators and owners led to a lawsuit filed last year, part of a broader pushback against the permissionless harvesting of data for the benefit of AI businesses. The infringement claim, made on behalf of several artists against Stability AI, Deviant Art and Midjourney, alleges that the Stable Diffusion model used by the defendant firms incorporates the artists' work without permission. The case, amended in November 2023 to include a new defendant, Runway AI, continues to be litigated.
The authors caution that Nightshade does have some limitations. Specifically, images processed with the software may be subtly different from the original, particularly artwork that uses flat colors and smooth backgrounds. Also, they observe that techniques for undoing Nightshade may be developed, though they believe they can adapt their software to keep pace with countermeasures.
Matthew Guzdial, assistant professor of computer science at University of Alberta, said in a social media post, "This is cool and timely work! But I worry it's being overhyped as the solution. It only works with CLIP-based models and per the authors, would require 8 million images 'poisoned' to have significant impact on generating similar images for LAION models."
Glaze, which reached 1.0 last June, has a web version, and is now on its 1.1.1 release, alters images to prevent models trained on those images from replicating the artist's visual style.
Style mimicry – available through closed text-to-image services like Midjourney and through open-source models like Stable Diffusion – is possible simply by prompting a text-to-image model to produce an image in the style of a specific artist.
The team believe artists should have a way to prevent the capture and reproduction of their visual styles.
"Style mimicry produces a number of harmful outcomes that may not be obvious at first glance," the boffins state. "For artists whose styles are intentionally copied, not only do they see loss in commissions and basic income, but low quality synthetic copies scattered online dilute their brand and reputation. Most importantly, artists associate their styles with their very identity."
They liken style mimicry to identity theft and say that it disincentivizes aspiring artists to create new work.
The team recommends that artists use both Nightshade and Glaze. Presently the two tools each must be downloaded and installed separately, but a combined version is being developed. ®
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://go.theregister.com/feed/www.theregister.com/2024/01/20/nightshade_ai_images/
- :has
- :is
- :not
- 1
- 2023
- 8
- a
- About
- actually
- adapt
- against
- AI
- alberta
- alleges
- also
- an
- and
- ARE
- Art
- artist
- Artists
- artwork
- AS
- aspiring
- Assistant
- Associate
- At
- attack
- authors
- available
- backgrounds
- basic
- Basic Income
- BE
- been
- behalf
- being
- believe
- ben
- benefit
- blur
- both
- boundaries
- brand
- broader
- built
- businesses
- but
- by
- called
- CAN
- capture
- case
- CAT
- caution
- Changes
- chicago
- claim
- closed
- CO
- combined
- commissions
- companion
- computer
- computer science
- concept
- Consider
- content
- content creators
- content owners
- Cool
- copies
- copyright
- create
- creators
- cs
- data
- defensive
- describes
- developed
- different
- Diffusion
- directives
- do
- does
- Dog
- e
- each
- ensure
- Ether (ETH)
- example
- Eyes
- Failure
- February
- field
- Files
- firms
- First
- Fish
- flat
- For
- freely
- from
- generating
- getting
- Give
- Glance
- grass
- Green
- harmful
- Harvesting
- Have
- helped
- HTML
- HTTPS
- human
- i
- Identity
- identity theft
- ignore
- image
- images
- Impact
- importantly
- in
- Incentive
- include
- Income
- incorporates
- infringement
- intellectual
- intellectual property
- intended
- intentionally
- involves
- IT
- ITS
- jpg
- june
- Keep
- Label
- large
- largely
- Last
- Last Year
- lawsuit
- learning
- Led
- less
- like
- limitations
- Lists
- loss
- Low
- machine
- machine learning
- made
- make
- Makers
- May..
- means
- Media
- MidJourney
- might
- million
- minimizes
- misuse
- model
- models
- most
- must
- New
- notification
- November
- now
- number
- observe
- obvious
- october
- of
- offensive
- offered
- on
- online
- only
- open source
- optimization
- or
- order
- original
- outcomes
- owners
- Pace
- Paper
- part
- particularly
- per
- permission
- permissionless
- picking
- plato
- Plato Data Intelligence
- PlatoData
- poison
- possible
- powerful
- presently
- prevent
- processed
- produce
- produces
- Professor
- project
- property
- protect
- protection
- provide
- purse
- quality
- reached
- receive
- recommends
- released
- reproduction
- reputation
- require
- respect
- responses
- responsible
- runway
- s
- Said
- say
- scattered
- Science
- see
- Services
- several
- shawn
- should
- significant
- significantly
- similar
- simply
- smooth
- Social
- social media
- Software
- solution
- some
- specific
- specifically
- Stability
- stable
- State
- Students
- style
- styles
- submit
- synthetic
- Systems
- team
- techniques
- that
- The
- theft
- their
- they
- this
- this week
- those
- though?
- Through
- timely
- to
- tool
- tools
- Train
- trained
- Training
- two
- university
- University of Chicago
- unpredictable
- use
- used
- useful
- User
- uses
- version
- very
- visible
- visual
- was
- Way..
- web
- week
- What
- when
- which
- WHO
- whom
- whose
- wishes
- with
- without
- Work
- works
- worry
- would
- year
- zephyrnet
- Zhao
