Saved in:
Bibliographic Details
Main Authors: Yarkoni, Sol, Sharif, Mahmood, Livni, Roi
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.07947
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918276133552128
author Yarkoni, Sol
Sharif, Mahmood
Livni, Roi
author_facet Yarkoni, Sol
Sharif, Mahmood
Livni, Roi
contents Recent advances in generative models, such as diffusion models, have raised concerns related to privacy, copyright infringement, and data stewardship. To better understand and control these risks, prior work has introduced techniques and attacks that reconstruct images, or parts of images, from training data. While these results demonstrate that training data can be recovered, existing methods often rely on high computational resources, partial access to the training set, or carefully engineered prompts. In this work, we present a new attack that requires low resources, assumes little to no access to the training data, and identifies seemingly benign prompts that can lead to potentially risky image reconstruction. We further show that such reconstructions may occur unintentionally, even for users without specialized knowledge. For example, we observe that for one existing model, the prompt ``blue Unisex T-Shirt'' generates the face of a real individual. Moreover, by combining the identified vulnerabilities with real-world prompt data, we discover prompts that reproduce memorized visual elements. Our approach builds on insights from prior work and leverages domain knowledge to expose a fundamental vulnerability arising from the use of scraped e-commerce data, where templated layouts and images are closely tied to pattern-like textual prompts. The code for our attack is publicly available at https://github.com/TheSolY/lr-tmi.
format Preprint
id arxiv_https___arxiv_org_abs_2507_07947
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Low Resource Reconstruction Attacks Through Benign Prompts
Yarkoni, Sol
Sharif, Mahmood
Livni, Roi
Machine Learning
Artificial Intelligence
Recent advances in generative models, such as diffusion models, have raised concerns related to privacy, copyright infringement, and data stewardship. To better understand and control these risks, prior work has introduced techniques and attacks that reconstruct images, or parts of images, from training data. While these results demonstrate that training data can be recovered, existing methods often rely on high computational resources, partial access to the training set, or carefully engineered prompts. In this work, we present a new attack that requires low resources, assumes little to no access to the training data, and identifies seemingly benign prompts that can lead to potentially risky image reconstruction. We further show that such reconstructions may occur unintentionally, even for users without specialized knowledge. For example, we observe that for one existing model, the prompt ``blue Unisex T-Shirt'' generates the face of a real individual. Moreover, by combining the identified vulnerabilities with real-world prompt data, we discover prompts that reproduce memorized visual elements. Our approach builds on insights from prior work and leverages domain knowledge to expose a fundamental vulnerability arising from the use of scraped e-commerce data, where templated layouts and images are closely tied to pattern-like textual prompts. The code for our attack is publicly available at https://github.com/TheSolY/lr-tmi.
title Low Resource Reconstruction Attacks Through Benign Prompts
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2507.07947