AI Watermarking Emerges as the Shield Against Misinformation and Deepfakes

Computer science researchers at the University of Maryland (UMD) assessed the efficacy of current watermarking methods and examined how easily malicious actors can add or remove watermarks. Soheil Feizi, a professor at UMD, expressed skepticism about the reliability of existing watermarking applications. During their testing, the researchers discovered that evading current watermarking methods was relatively straightforward. Furthermore, they found it even easier to add fake watermarks to images that were not generated by AI. However, one notable breakthrough emerged from the UMD team: they developed a watermark that is nearly impossible to remove without compromising the underlying intellectual property, enabling the detection of stolen products.

Challenges and Vulnerabilities

In a collaborative research effort between the University of California, Santa Barbara, and Carnegie Mellon University, researchers revealed that watermarks were susceptible to removal through simulated attacks. These attacks fell into two categories: destructive and constructive. In destructive attacks, malevolent actors treat watermarks as integral parts of images, adjusting attributes like brightness and contrast, applying JPEG compression, or simply rotating the image to eliminate the watermark. However, these methods, while effective in removing watermarks, significantly degrade image quality. In contrast, constructive attacks, which involve techniques like Gaussian blur, make watermark removal more sensitive.