The future of disinformation: can watermarks be a lifeline against deepfakes?

CarderPlanet

Researchers explain to the tech giants why tagging AI-generated content is not a reliable defence.

Major tech companies such as Google, Amazon, and OpenAI said back in July that they would watermark content created by artificial intelligence as a safety measure. However, researchers from the University of Maryland warn that the method is unlikely to be effective.

Watermarks are invisible or barely visible marks that a creator embeds in images, video, or audio to assert provenance or authorship. The companies' goal is to let people, with the help of a matching detector, recognise AI-generated content even when someone tries to pass it off as human-made, and thereby to curb the spread of disinformation and deepfakes.

According to the recently published study, the problem is a fundamental trade-off between two kinds of detector error. The fewer human-made images a detector wrongly flags as AI-generated (false positives), the more watermarked images an attacker can push past it undetected (misses), and vice versa.

Two attack models were tested. The first targets low-perturbation watermarks, the effectively invisible kind that developers create by adding faint noise or small pixel distortions. Against these the researchers used "diffusion purification", a technique that strips out small perturbations.

Additional noise is applied to the protected image, and a denoising algorithm (the reverse process of a diffusion model) is then run to remove it. In removing the added noise, the denoiser erases the watermark as well.

For high-perturbation watermarks, which are visible enough to survive diffusion purification, the researchers built a spoofing attack instead. It makes clean, human-made images look as if they already carry a watermark.

"Models that add watermarks to images are made to mark a white-noise image. The 'noisy' watermarked image is then blended with ordinary ones. This trick can fool the detector into thinking that all the material is protected," the article says.

According to the researchers, new and more advanced marking methods may appear in the future, but attackers will certainly respond with even more sophisticated attacks. An "arms race" in this area therefore looks inevitable.

The researchers also draw a parallel with CAPTCHA tests, which are losing their effectiveness as computer vision improves.

Machine learning is advancing rapidly and will soon be able not only to recognise visual images but also to generate fully realistic text and media. This means that at some point it may become impossible to distinguish human-made content from AI-generated material.

Despite the efforts of technology companies, the problem of reliable identification of AI materials remains open.
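The two attacks described in the post, as an added toy example that is not code from the University of Maryland study or from any of the companies named: a watermark embedded as a faint secret ±1 pattern, a detector that correlates the image's high-frequency residual with that pattern, diffusion purification approximated by adding Gaussian noise and then denoising, and spoofing by querying the watermarker with white-noise images to recover the pattern and stamping it onto a clean image. The image size, amplitude, threshold, the box-blur standing in for a diffusion denoiser, and the averaging step used to isolate the pattern are all assumptions, and the "photo" is constructed. Note that the toy watermark is a low-perturbation one; in the study, spoofing is aimed at the high-perturbation watermarks that purification cannot remove, whereas here both attacks are shown against the same scheme for brevity.

```python
import math
import random

# Toy image size and watermark parameters (assumptions for this example).
H = W = 64
ALPHA = 3.0        # watermark amplitude in 8-bit pixel units: invisible to the eye
THRESHOLD = 1.0    # detector score above which an image is declared "watermarked"

def make_pattern(seed=1234):
    """Secret +/-1 pattern shared by the embedder and the detector (the key)."""
    rng = random.Random(seed)
    return [[rng.choice((-1.0, 1.0)) for _ in range(W)] for _ in range(H)]

PATTERN = make_pattern()

def clean_image():
    """Constructed stand-in for a photo: a horizontal ramp plus a vertical sine."""
    return [[40.0 + 120.0 * x / (W - 1) + 30.0 * math.sin(2.0 * math.pi * y / H)
             for x in range(W)] for y in range(H)]

def clip(v):
    return max(0.0, min(255.0, v))

def embed(img, pattern=PATTERN, alpha=ALPHA):
    """Watermarking oracle: add the low-amplitude secret pattern to every pixel."""
    return [[clip(img[y][x] + alpha * pattern[y][x]) for x in range(W)] for y in range(H)]

def box_blur(img):
    """3x3 mean filter with clamped borders; used as the detector's low-pass
    and as the stand-in denoiser in the purification attack."""
    out = [[0.0] * W for _ in range(H)]
    for y in range(H):
        for x in range(W):
            total = 0.0
            for dy in (-1, 0, 1):
                yy = min(max(y + dy, 0), H - 1)
                for dx in (-1, 0, 1):
                    xx = min(max(x + dx, 0), W - 1)
                    total += img[yy][xx]
            out[y][x] = total / 9.0
    return out

def detect_score(img, pattern=PATTERN):
    """Detector: high-pass the image (image minus its blur) and correlate the
    residual with the secret pattern. Smooth content scores near 0; an intact
    watermark scores about ALPHA * 8/9."""
    low = box_blur(img)
    acc = 0.0
    for y in range(H):
        for x in range(W):
            acc += (img[y][x] - low[y][x]) * pattern[y][x]
    return acc / (H * W)

def is_watermarked(img):
    return detect_score(img) > THRESHOLD

def diffusion_purify(img, sigma=8.0, seed=7):
    """Evasion attack: add Gaussian noise, then denoise. A real attack runs the
    reverse (denoising) process of a diffusion model; the box blur is a
    simplification (assumption) that removes faint high-frequency patterns too."""
    rng = random.Random(seed)
    noisy = [[clip(img[y][x] + rng.gauss(0.0, sigma)) for x in range(W)] for y in range(H)]
    return box_blur(noisy)

def estimate_pattern(oracle, queries=8, seed=99):
    """Spoofing, step 1: query the watermarker with white-noise images. The study
    blends the watermarked noise into clean images; here (assumption) each input
    is subtracted from its output and the differences averaged to isolate the pattern."""
    rng = random.Random(seed)
    acc = [[0.0] * W for _ in range(H)]
    for _ in range(queries):
        noise = [[rng.uniform(0.0, 255.0) for _ in range(W)] for _ in range(H)]
        marked = oracle(noise)
        for y in range(H):
            for x in range(W):
                acc[y][x] += marked[y][x] - noise[y][x]
    return [[acc[y][x] / queries for x in range(W)] for y in range(H)]

def spoof(img, estimated):
    """Spoofing, step 2: stamp the recovered pattern onto a clean, human-made image."""
    return [[clip(img[y][x] + estimated[y][x]) for x in range(W)] for y in range(H)]

def run_demo():
    """Detector score for each image in the story: clean, marked, evaded, spoofed."""
    clean = clean_image()
    marked = embed(clean)
    return {
        "clean": detect_score(clean),
        "watermarked": detect_score(marked),
        "purified": detect_score(diffusion_purify(marked)),               # evasion
        "spoofed": detect_score(spoof(clean, estimate_pattern(embed))),   # spoofing
    }

if __name__ == "__main__":
    for name, score in run_demo().items():
        print(f"{name:12s} score={score:6.2f} flagged={score > THRESHOLD}")
```

The purified image scores near zero because blurring a ±1 noise pattern leaves almost nothing that still correlates with the key, which is the same reason low-perturbation watermarks fall to diffusion purification in the study. The spoofed image scores as high as a genuinely watermarked one because an additive watermark can be read straight off the oracle's outputs; raising the detector's threshold to reject it would also start rejecting real watermarks, which is the false-positive versus miss trade-off described above.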