this post was submitted on 23 Oct 2023
562 points (86.3% liked)

Technology

59600 readers
3487 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
562
This new data poisoning tool lets artists fight back against generative AI (www.technologyreview.com)
submitted 1 year ago by ElectroVagrant@lemmy.world to c/technology@lemmy.world
126 comments fedilink hide all child comments
 

A new tool lets artists add invisible changes to the pixels in their art before they upload it online so that if it’s scraped into an AI training set, it can cause the resulting model to break in chaotic and unpredictable ways.

The tool, called Nightshade, is intended as a way to fight back against AI companies that use artists’ work to train their models without the creator’s permission.
[...]
Zhao’s team also developed Glaze, a tool that allows artists to “mask” their own personal style to prevent it from being scraped by AI companies. It works in a similar way to Nightshade: by changing the pixels of images in subtle ways that are invisible to the human eye but manipulate machine-learning models to interpret the image as something different from what it actually shows.

you are viewing a single comment's thread
view the rest of the comments
[–] ayaya@lemdro.id 6 points 1 year ago (3 children)

Obviously this is using some bug and/or weakness in the existing training process, so couldn't they just patch the mechanism being exploited?

Or at the very least you could take a bunch of images, purposely poison them, and now you have a set of poisoned images and their non-poisoned counterparts allowing you to train another model to undo it.

Sure you've set up a speedbump but this is hardly a solution.

[–] egeres@lemmy.world 1 points 1 year ago

No! It's not using an internal exploit, it's rather about finding a way to visually represent almost the same image, but instead using latent features with different artists (e.g, which would confuse a dreambooth+lora training), however, the method they proposed is flawed, I commented more on https://lemmy.world/comment/4770884

[–] AnonTwo@kbin.social -1 points 1 year ago (1 children)

Obviously this is using some bug and/or weakness in the existing training process, so couldn’t they just patch the mechanism being exploited?

I'd assume the issue is that if someone tried to patch it out, it could legally be shown they were disregarding people's copyright.

[–] FaceDeer@kbin.social 12 points 1 year ago (2 children)

It isn't against copyright to train models on published art.

[–] AnonTwo@kbin.social 2 points 1 year ago (3 children)

The general argument legally is that the AI has no exact memory of the copyrighted material.

But if that's the case, then these pixels shouldn't need be patched. Because it wouldn't remember the material that spawned them.

Is just the argument I assume would be used.

[–] Maven@lemmy.sdf.org 9 points 1 year ago

It's like training an artist who's never seen a banana or a fire hydrant, by passing them pictures of fire hydrants labelled "this is a banana". When you ask for a banana, you'll get a fire hydrant. Correcting that mistake doesn't mean "undoing pixels", it means teaching the AI what bananas and fire hydrants are.

[–] FaceDeer@kbin.social 4 points 1 year ago

Well, I guess we'll see how that argument plays in court. I don't see how it follows, myself.

[–] KeenFlame@feddit.nu 1 points 1 year ago

What is "patching pixels" and who would do it?

[–] Jagger2097@lemmy.world 0 points 1 year ago (1 children)

Explain

[–] FaceDeer@kbin.social 8 points 1 year ago

In order to violate copyright you need to copy the copyrighted material. Training an AI model doesn't do that.

[–] MxM111@kbin.social -4 points 1 year ago (2 children)

Obviously, with so many different AIs, this can not be a factor (a bug).

If you have no problem looking at the image, then AI would not either. After all both you and AI are neural networks.

[–] skulblaka@kbin.social 8 points 1 year ago

The neural network of a human and of an AI operate in fundamentally different ways. They also interact with an image in fundamentally different ways.

[–] driving_crooner@lemmy.eco.br 1 points 1 year ago (1 children)

An AI don't see the images like we do, an AI see a matrix of RGB values and the relationship they have with each other and create an statistical model of the color value of each pixel for a determined prompt.

[–] lloram239@feddit.de 1 points 1 year ago

That's not quite how it works. The pixels are just the first layer. Those get broken down into edges. The edges get broken down into shape. The shapes get broken down into features like eyes, noses, etc. Those get broken down into faces. And so on. It's hierarchical feature detection. Which also happens to be what the human brain does.

The actual "drawing" the AI does is quite a bit different however. The diffusion works by starting with random noise and then gradually denoising it until an image emerges. While humans can approach painting that way, it's rather rarely done so.