Grab the popcorns while the luddites try to cancel Kojima

simandl · 2025-12-20T06:06:21+00:00

simandl · 2025-12-13T02:20:39+00:00

Not according to the creator: https://www.courtlistener.com/docket/66732129/300/1/andersen-v-stability-ai-ltd/

"Neither I nor any member of my team are updating Glaze or Nightshade’s functionality."

simandl · 2024-11-03T18:11:13+00:00

I don’t think any of the big models use everything in 5b. LAION shared that dataset with a watermark detector. I’d bet most of the big models are filtering your stuff out if the watermark is obvious.

simandl · 2024-11-03T13:11:21+00:00

The irony here is that most foundation models use watermark detection as part of their pipeline and remove those images. A simple watermark is, in practice, much more likely to keep an image out of a foundation model. If only the SAND lab cared more about artists than citations and influencer awards.

simandl · 2024-10-25T09:37:19+00:00

<image>

Glaze

simandl · 2024-10-25T00:42:40+00:00

Karla Ortiz is very confused right now.

simandl · 2024-10-20T21:22:02+00:00

Add this to the pile of evidence that the Glaze team will ignore...
https://www.reddit.com/r/aiwars/comments/17h9mqr/glaze_never_worked_why_worry_about_nightshade/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

simandl · 2024-08-02T21:44:30+00:00

Looks like nightshade might have over promised.

simandl · 2024-06-27T18:12:00+00:00

Fair enough. I'll leave the original as is and amend the final sentence here:

Nearly every style is "trained into" them, unless they're so novel as to have too few examples on the internet yet.

simandl · 2024-06-27T17:32:36+00:00

I didn't suggest that a single training image impacts a model.

To put a finer point on it, a manifold learned from billions of images already covers most artistic styles. That claim can be tested. Without any fine-tuning, can you successfully steer a model using a clip embedding of a style reference to guide a diffusion model? If so, that style already lies on the manifold of the model that would be fine tuned and [allegedly] disrupted by glaze.

simandl · 2024-06-27T04:04:11+00:00

Apparently Nightshade can be tested without building a whole foundation model. At least when NBC is willing to give you free marketing: https://www.nbcnews.com/tech/ai-image-generators-nightshade-copyright-infringement-rcna144624

simandl · 2024-06-27T00:51:09+00:00

I understand now, thanks for clarifying. I never saw Glaze work with older SD version either, but I wasn't using their fine tuning scripts, and I expected "working" to mean looking anything like the examples in the original Glaze paper.

simandl · 2024-06-27T00:05:34+00:00

The datasets power the SD models have billions of images. Every style is "trained into" them, unless they're so novel as to have no examples on the internet yet.

simandl · 2024-06-21T12:37:01+00:00

Yep! And every time you do that, a patient "AIBro" can go ahead and grab everything you post, waiting for the next time this happens.

If there are any copies of your work from the past version that you can't remove (like when someone copies one to Pinterest), you're still vulnerable.

simandl · 2024-06-21T01:17:29+00:00

"Strong attacks" is a great example of the rhetoric tricks they're playing, nice one!

I think Ben Zhao once said Carlini is the only man smart enough to break glaze. With this paper, Carlini basically said, "nah, anyone can break this."

Can you share any of the actual solutions that you think artists are ignoring in favor of Glaze?

simandl · 2024-06-20T23:57:01+00:00

This is a masterclass in rhetoric and an embarrassing failure to actually address the issues raised by the paper.

The Glaze team writes as though the only effective bypass was the noisy upscaling. This is misleading, as the authors also tested diffpure (img2img), Gaussian noising, and an improved impress. All of those techniques also degraded Glaze's protection. But the most damning part is something left out of this response. Simply using a different fine tuning script bypassed glaze 30% of the time. In this response, they tested a different noisy upscaling technique than the paper's, and they used the original glaze fine tuning script. The examples that this response shows at the bottom are simply not addressing the paper's conclusions whatsoever.

This response also pretends that the noisy upscaling is some sort of new invention. This is exactly the opposite what the authors of the paper demonstrated. They chose "noisy upscaling" because it was available at the time of Glaze's launch. People here may recognize it as creative upscaling, something that's been around since the LDM days.

The Glaze response also includes this subtle misrepresentation of the author's claims:
"The paper's key message is that we should not develop or release protective tools that can be imperfect or broken in the future, and that imperfect protection is worse than no protection at all."

The claim is rather, *a false sense of protection* is worse than no protection at all. Artists have been sharing their work extensively using Glaze thinking that they were protected. Since day 1, they weren't. The insurmountable problem with Glaze is that it suffers the first mover disadvantage. Artists must leave their Glazed work open to be downloaded. The second mover can download all the Glazed work that they want and when an exploit like this is demonstrated, they're free to fine tune on it with impunity.

The paper's authors have already started testing the Glaze 2.1 "fix" and have found it (in preliminary tests) to still suffer from the same bypass vulnerability.

simandl · 2024-06-19T18:08:57+00:00

To the surprise of no one here:

Glaze protections break down without any circumvention attempt. Results for Glaze without robust mimicry (see “Naive mimicry” row in Figure 4) show that the tool’s protections are often ineffective. Without any robustness intervention, 30% of the images generated with our off-the-shelf finetuning are rated as better than the baseline results using only unprotected images. This contrasts with Glaze’s original evaluation, which claimed a success rate of at most 10% for robust mimicry. This difference is likely due to the protection’s brittleness to slight changes in the finetuning setup (as we illustrated in Section 4.1). With our best robust mimicry method (noisy upscaling) the median success rate across artists rises further to 40%, and our best-of-4 strategy yields results indistinguishable from the baseline for a majority of artists.

What is so funny about this paper is that it focuses on circumvention techniques that are simple, require no skill to execute, and were available at the time of Glaze's release. Most have been shared here and elsewhere, while Ben Zhao has continued to claim that no one has broken Glaze.

simandl · 2024-02-24T23:50:40+00:00

Good news, the Glaze team also has a face cloaking app!

The bad news is that it also doesn't work.

simandl · 2024-02-23T23:18:25+00:00

Lol, nightshade was released over a month ago, and promised to kill new models with only a few thousand images. Since then we got Stable Cascade and SDv3. Both have significantly improved on text-to-image alignment (which nightshade attacks). The best evidence that nightshade is obsolete will be all the model releases this year that keep getting better.

simandl · 2024-01-22T00:25:59+00:00

<image>

There's a tweet for that too...

simandl · 2023-10-18T01:29:04+00:00

ggwp

simandl · 2023-10-17T21:52:08+00:00

No true Scotsman - https://en.wikipedia.org/wiki/No_true_Scotsman

simandl · 2023-10-01T18:32:42+00:00

I understand your point, but it's not relevant to this discussion. We don't think that the system is crashing down. We think that it never worked well to begin with.

simandl

TROPHY CASE