Traditionally, watermarks have been visible logos or patterns, often seen on items like currency or stamps, serving as a deterrent against counterfeiting. However, in the realm of artificial intelligence, the concept of watermarking takes an intriguing twist, as is often the case in this ever-evolving field.
In the context of AI, watermarking serves a critical purpose – it enables computers to identify whether text or an image has been generated by artificial intelligence. But why is watermarking essential? Generative art, driven by AI, has become fertile ground for the creation of deepfakes and the spread of misinformation. Even though these watermarks remain invisible to the human eye, they act as a formidable defense against the misuse of AI-generated content. Notably, tech giants like Google, as well as industry leaders such as OpenAI, Meta (formerly Facebook), and Amazon, have all pledged to develop watermarking technology to combat the proliferation of false information.
Acknowledging the Need for Improvement
Computer science researchers at the University of Maryland (UMD) undertook the task of assessing the efficacy of current watermarking methods and examining how easily malicious actors can add or remove watermarks. Soheil Feizi, a professor at UMD, expressed skepticism about the reliability of existing watermarking applications. During their testing, the researchers discovered that evading current watermarking methods was relatively straightforward. Furthermore, they found it even easier to add fake watermarks to images that were not generated by AI. However, one notable breakthrough emerged from the UMD team: they developed a watermark that is nearly impossible to remove without compromising the underlying intellectual property, enabling the detection of stolen products.
Challenges and Vulnerabilities
In a collaborative research effort between the University of California, Santa Barbara, and Carnegie Mellon University, researchers revealed that watermarks were susceptible to removal through simulated attacks. These attacks fell into two categories: destructive and constructive. In destructive attacks, malevolent actors treat watermarks as integral parts of images and eliminate them by adjusting attributes like brightness and contrast, applying JPEG compression, or simply rotating the image. However, these methods, while effective in removing watermarks, significantly degrade image quality. In contrast, constructive attacks, which involve techniques like Gaussian blur, make watermark removal more sensitive.
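The trade-off described above can be measured with a small robustness harness. This is an added example, not code from the article or from the research it cites: it embeds a toy keyed additive watermark in a constructed 128x128 gradient image, applies a contrast change and a blur, and reports whether the detector still fires and how far the image moved (PSNR). The scheme, its strength and threshold, the 3x3 box blur standing in for Gaussian blur, and all function names are assumptions, and the numbers say nothing about production schemes such as SynthID.

```python
import math
import random

W = H = 128            # constructed grayscale test image size (not real data)
STRENGTH = 6           # assumed watermark amplitude, in grey levels
THRESHOLD = STRENGTH / 2

def pattern(key):
    """Keyed pseudo-random +1/-1 value per pixel."""
    rng = random.Random(key)
    return [[1 if rng.getrandbits(1) else -1 for _ in range(W)] for _ in range(H)]

def score(img, pat):
    """Mean-removed correlation: about STRENGTH if marked, about 0 if not."""
    mean = sum(map(sum, img)) / (W * H)
    return sum((img[y][x] - mean) * pat[y][x]
               for y in range(H) for x in range(W)) / (W * H)

def contrast(img, k):
    return [[round(128 + k * (v - 128)) for v in row] for row in img]

def box_blur(img):
    """3x3 mean filter, a simple stand-in for Gaussian blur."""
    out = []
    for y in range(H):
        rows = img[max(0, y - 1):y + 2]
        out.append([round(sum(sum(r[max(0, x - 1):x + 2]) for r in rows) /
                          sum(len(r[max(0, x - 1):x + 2]) for r in rows))
                    for x in range(W)])
    return out

def psnr(a, b):
    mse = sum((a[y][x] - b[y][x]) ** 2 for y in range(H) for x in range(W)) / (W * H)
    return float("inf") if mse == 0 else 10 * math.log10(255 ** 2 / mse)

def evaluate(key=1234):
    """Return {case: (detected, PSNR in dB versus the marked image)}."""
    clean = [[64 + (x + y) // 2 for x in range(W)] for y in range(H)]
    pat = pattern(key)
    marked = [[c + STRENGTH * p for c, p in zip(cr, pr)] for cr, pr in zip(clean, pat)]
    cases = {"unmarked": clean, "marked": marked,
             "contrast x0.8": contrast(marked, 0.8),
             "contrast x0.2": contrast(marked, 0.2),
             "box blur 3x3": box_blur(marked)}
    return {n: (score(im, pat) > THRESHOLD, psnr(im, marked)) for n, im in cases.items()}

if __name__ == "__main__":
    for name, (hit, q) in evaluate().items():
        print(f"{name:14s} detected={hit!s:5s} PSNR={q:5.1f} dB")
```

On this toy scheme the mild contrast change leaves the mark detectable, the strong one defeats the detector only at a large quality cost, and the blur defeats it while changing the image far less. A detector meant for deployment should be regression-tested this way against every perturbation it is expected to survive.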
A Race Against Hackers
While watermarking of AI-generated content still needs improvement to withstand simulated tests, it’s conceivable that the future will witness a competitive race between digital watermarking technology and hackers. Until a new industry standard emerges, there remains hope that tools like Google’s SynthID, designed for identifying generative art, will continue to evolve and become mainstream.
Timing is Crucial
The timing of innovation in this field couldn’t be more critical. With the 2024 presidential election in the United States looming, AI-generated content, including deepfake ads, could wield significant influence in shaping political opinions. The Biden administration has expressed concerns about the potential disruptive use of artificial intelligence, particularly in the spread of misinformation.