A
group
of
researchers
is
warning
that
popular
AI
image
models
like
DALL-E
2
can
be
“tricked”
into
regenerating
their
training
images.
That’s
a
serious
privacy
concern,
especially
as
AI
is
applied
to
ever-more
sensitive
classes
of
images,
such
as
in
medical
applications.
The
team,
which
includes
researchers
from
Google
Brain,
DeepMind,
ETH
Zurich,
Princeton
University,
and
University
of
California
Berkeley,
demonstrated
that
the
class
of
image
generators
known
as
generative
diffusion
models
memorise
and
regenerate
their
training
data,
something
which
“would
violate
all
privacy
guarantees”
as
well
as
raising
questions
about
model
generation
and
“digital
forgery”
(the
model
reproducing
copyrighted
works).
They
tested
the
Stable
Diffusion
and
Imagen
models,
and
extracted
“over
a
hundred
near-identical
replicas
of
training
images
that
range
from
personally
identifiable
photos
to
trademarked
logos”.
The
paper,
published
on
arXiv,
“highlights
the
tension
between
increasingly
powerful
generative
models
and
data
privacy,
and
raises
questions
on
how
diffusion
models
work
and
how
they
should
be
responsibly
deployed”.
For
example,
the
researchers
noted
that
fields
like
medical
research
are
highly
privacy-sensitive:
the
class
of
machine
learning
called
a
generative
adversarial
network
(GAN)
has
already
been
applied
to
medical
imagery,
the
paper
said,
which
“underlines
the
importance
of
understanding
the
risks
of
generative
models
before
we
apply
them
to
private
domains.”
“Researchers
and
practitioners
should
be
wary
of
training
on
uncurated
public
data
without
first
taking
steps
to
understand
the
underlying
ethics
and
privacy
implications,”
the
paper
said.
About Author
