Poisoning Images

[Image: the original image alongside the distorted version that an AI model "sees" after Nightshade is applied]

The relatively quick integration of chat-based AI into public-facing services is causing our profession to rethink and re-craft decades-old policies and processes. Text-based services, at least, we understand; we use them all day, every day. But text isn’t the only format being assimilated. Images are also being scraped from public sites and used to train the generative models behind AI image-creation services like MidJourney, DALL-E, and Stable Diffusion.

I have presented and led training sessions on the Internet and the Web for years, and no matter the audience, we always covered copyright. It was so easy to copy an image to use elsewhere. It was also, in most cases, illegal: just because an image is publicly available does not mean it is copyright-free. So when I learned where these image models were getting their training data, I was confused. How were they doing this in light of copyright? It turns out they simply were not considering it.

This is slowly changing as these services begin to consider artists’ rights. The artists, however, are not waiting. Some are “fooling” the AI by publishing images that look unaltered to us but are seen very differently by the models.

Nightshade, created at the University of Chicago, “poisons” images before they are posted to the Web, making the data useless, and potentially disruptive, to any AI model trained on them. The software subtly modifies pixels in the image so that, as the Nightshade website puts it, “. . . an image of a cow flying in space might instead get an image of a handbag floating in space.” We would see the cow in space; a model trained on the poisoned image “sees” data that looks more like a handbag floating in space.
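To make the underlying idea concrete, here is a toy sketch in PyTorch of a feature-space perturbation. It is not Nightshade’s actual algorithm (the research paper describes a far more careful, optimized attack); it simply nudges an image’s learned features toward a different target concept while capping how much any single pixel may change. The file names, the epsilon bound, and the ResNet backbone are all illustrative assumptions.

```python
# Toy feature-space perturbation -- NOT the actual Nightshade or Glaze
# algorithm, just an illustration of the general idea: keep the pixel
# change small while pulling the image's learned features toward a
# different ("target") concept.
import torch
import torch.nn.functional as F
from torchvision import models, transforms
from PIL import Image

device = "cuda" if torch.cuda.is_available() else "cpu"

# A frozen pretrained backbone stands in for the feature extractor that
# an image-generation model might learn from.
backbone = models.resnet50(weights=models.ResNet50_Weights.DEFAULT)
backbone.fc = torch.nn.Identity()               # keep penultimate features
backbone = backbone.eval().to(device)
for p in backbone.parameters():
    p.requires_grad_(False)

to_tensor = transforms.Compose([transforms.Resize((224, 224)),
                                transforms.ToTensor()])
normalize = transforms.Normalize(mean=[0.485, 0.456, 0.406],
                                 std=[0.229, 0.224, 0.225])

def load(path):
    return to_tensor(Image.open(path).convert("RGB")).unsqueeze(0).to(device)

cow = load("cow_in_space.jpg")       # hypothetical file names
handbag = load("handbag.jpg")
target_feat = backbone(normalize(handbag)).detach()

epsilon = 4 / 255                    # cap on per-pixel change (L-infinity)
delta = torch.zeros_like(cow, requires_grad=True)
opt = torch.optim.Adam([delta], lr=1e-2)

for step in range(200):
    opt.zero_grad()
    poisoned = (cow + delta).clamp(0, 1)
    # Pull the poisoned image's features toward the target concept.
    loss = F.mse_loss(backbone(normalize(poisoned)), target_feat)
    loss.backward()
    opt.step()
    with torch.no_grad():            # keep the visible change tiny
        delta.clamp_(-epsilon, epsilon)

poisoned = (cow + delta).detach().clamp(0, 1).squeeze(0).cpu()
transforms.ToPILImage()(poisoned).save("poisoned_cow.png")
```

To our eyes the saved file still looks like the original cow; to a model trained on it, the features now lean toward “handbag.”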

Glaze is another tool from the same group. Whereas Nightshade poisons AI models, Glaze protects artists’ styles. We would see the artist’s original style, e.g., modern abstract, while Glaze’s small changes to the underlying data make the AI model see something more reminiscent of, say, Rembrandt.

The image at the top of this post was treated with both Nightshade and Glaze: we would see the first version; the AI model would “see” the second. The goal is to protect artists’ work and to push the makers of AI models either to compensate artists fairly or to abide by their wishes not to be included. At this point only a small percentage of artists use these tools. If many did, however, it is easy to envision AI image services becoming unreliable.

The research papers are available on arXiv.org and on the University of Chicago website:

I found these videos and articles helpful in understanding this topic: