A tool that many major tech companies are relying on heavily to help the public and businesses separate fact from fiction amid the rapid rise of AI has been undermined before it has even gotten off the ground.
Companies like OpenAI, Amazon and Google have pointed out that watermarking has the potential to combat misinformation online. With generative AI on the rise, especially in the form of deepfakes, it can be seen as a way to identify what is actually real. It is one of the most important proposals among efforts to make the use of AI safer and more transparent.
However, there aren’t many clear-cut approaches to watermarking that are completely foolproof or reliable, and professors at the University of Maryland have already found a way to break all existing methods, according to TechXplore.
How scientists have already cracked AI watermarking
The researchers used a technique called diffusion purification, which applies Gaussian noise – a type of electronic signal noise – to a watermark to remove it completely, without affecting the underlying image too much.
As AI-generated content increases, especially in certain industries, abuse has also emerged as a very real possibility. It is also essential to find tools and strategies to distinguish real content from content created by machines.
Watermarking is a promising approach, according to the researchers' paper, published on September 29. It involves hiding a signal in a piece of text or an image so that it can be determined whether the content was generated by AI. In theory, a tool that lets you review the content could determine whether it’s real or fake, avoiding the prospect of falling for something that isn’t real. But the attack method – diffusion purification – has already managed to nullify the current watermarks.
“Based on our results, designing a robust watermark is a challenging but not necessarily impossible task,” the paper said, offering a glimmer of hope.
“An effective method must have specific characteristics, including sufficient watermark distortion, resistance to naive classification, and resilience to noise carried over from other watermarked images.”