According to researchers, removing current AI watermarks is easy
In order to deter counterfeiting, a conventional watermark is a recognizable emblem or pattern that can be found on anything from your wallet's currency to a postal stamp. For instance, you could have noticed a watermark in the preview of your graduation pictures. However, as with most things in the field, it takes a small detour in the case of artificial intelligence.
Watermarking can help a computer determine whether text or an image was produced by artificial intelligence in the context of AI. But why, in the first place, watermark pictures? Deep fakes and other types of deception thrive in the fertile ground that is created by generative art. Watermarks can thereby prevent the exploitation of content produced by AI, and they can even be incorporated into machine learning systems created by tech giants like Google, despite being undetectable to the unaided eye. Other significant participants in the market, like OpenAI, Meta, and Amazon, have committed to creating watermarking technology to thwart false information.
That is why University of Maryland (UMD) computer science researchers decided to investigate and comprehend how simple it is for malicious parties to add or remove watermarks. According to Soheil Feizi, a professor at UMD, the findings of his team support his belief that there are currently no trustworthy watermarking applications. During testing, the researchers discovered that it was simple to get around the watermarking techniques already in use and that it was even simpler to add phony emblems to pictures that weren't produced by AI. However, one UMD team distinguished themselves by creating a watermark that is nearly hard to remove from content without seriously harming the intellectual property. This was done in addition to assessing how simple it is to avoid watermarks. It is feasible to identify merchandise theft with this program.
Researchers from Carnegie Mellon University and the University of California, Santa Barbara discovered that watermarks were simple to remove through simulated attacks in a similar collaborative study project. The research deduces that there are two unique approaches—destructive and constructive—for removing watermarks using these attacks. The bad actors can treat watermarks like they are a component of the image while launching harmful attacks.A watermark can be removed by adjusting the brightness, contrast, or utilizing JPEG compression, or even by just rotating an image. The problem with these procedures is that while they do remove the watermark, they also significantly degrade the image quality. Watermark removal is a little more delicate and employs methods like the trusted Gaussian blur in a constructive approach.
It's possible to see a scenario when digital watermarking turns into a competition with hackers, even though watermarking AI-generated content needs to advance before it can successfully pass simulated tests like those depicted in these research papers. When it comes to innovative tools like Google's SynthID, an identification tool for generative art, which will keep getting workshopped by developers until it enters the mainstream, we can only hope for the best until a new standard is created.
However, there has never been a greater time for thinking leaders to innovate. The United States' 2024 presidential election is about to become a major global event, and artificial intelligence-generated content, such as deep fake advertisements, may play a significant role in influencing public opinion. Even the Biden administration has acknowledged the problem, stating that there are legitimate worries about the potential disruptive uses of artificial intelligence, particularly in the area of disinformation.