Add technical/nightshade/nightshade.md
This commit is contained in:
parent
6bf6b6ec38
commit
37f30c4807
37
technical/nightshade/nightshade.md
Normal file
37
technical/nightshade/nightshade.md
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
# Nightshade - Concept Poisoning for Text-to-Image Models
|
||||||
|
|
||||||
|
**Nightshade** is a tool from the University of Chicago that applies targeted, imperceptible perturbations to images so that they poison the training process of text-to-image models. When a model is trained on Nightshaded images, its understanding of specific concepts drifts (e.g., “dog” begins to resemble “cat”). The effect is cumulative and difficult to filter out at scale.
|
||||||
|
|
||||||
|
## Why Nightshade Matters
|
||||||
|
|
||||||
|
While Glaze protects artistic *style*, Nightshade attacks the model’s *conceptual understanding*. A small number of poisoned images can degrade a model’s performance on targeted concepts, forcing labs to expend significant resources on data cleaning or retraining. This raises the economic cost of unauthorized ingestion and gives individual creators leverage they previously lacked.
|
||||||
|
|
||||||
|
Nightshade directly implements the “poisoning” strategy outlined in Section 4.3 of the primary dissertation and represents one of the most powerful technical countermeasures currently available to non-experts.
|
||||||
|
|
||||||
|
## How It Fits the Defense Stack
|
||||||
|
|
||||||
|
1. **Anubis + Nepenthes** - Prevent scraping at the web layer.
|
||||||
|
2. **Canary tokens & active denial** - Real-time cost and attribution.
|
||||||
|
3. **Glaze** (`glaze.md`) - Style protection for images that are scraped.
|
||||||
|
4. **Nightshade** (this document) - Concept-level poisoning that degrades model performance.
|
||||||
|
|
||||||
|
Nightshade is the strongest image-level offensive tool in the current arsenal. It is best used in combination with Glaze for comprehensive image protection.
|
||||||
|
|
||||||
|
## Key Benefits for Individuals
|
||||||
|
|
||||||
|
- **Imperceptible to humans** - No visible change to the original image.
|
||||||
|
- **Survives preprocessing** - Robust against common dataset cleaning steps.
|
||||||
|
- **Cumulative effect** - Multiple poisoned images amplify the damage.
|
||||||
|
- **Free for non-commercial use** - Accessible via the project website.
|
||||||
|
- **Peer-reviewed research** - IEEE S&P 2024 paper with open-source implementation.
|
||||||
|
|
||||||
|
## Official Resources
|
||||||
|
|
||||||
|
- Project: https://nightshade.cs.uchicago.edu/
|
||||||
|
- Paper: “Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models,” IEEE S&P 2024
|
||||||
|
|
||||||
|
## Recommended Starting Point
|
||||||
|
|
||||||
|
Apply Nightshade to any images you want to strongly protect against fine-tuning or concept learning. Use the most aggressive settings on high-value or signature works. Combine with Glaze for dual style + concept protection and embed daily canary tokens in the metadata. This creates a layered image defense that is extremely costly for labs to overcome.
|
||||||
|
|
||||||
|
*Nightshade is the most potent concept-poisoning tool currently available to individual creators. It is designed to be used alongside Glaze.*
|
||||||
Loading…
Reference in New Issue
Block a user