https://github.com/denselance/pip-pipeline
The Punctuation Injection Permutator (PIP) pipeline can craft an adversarial prompt automatically using an optimizer and a vision-language model (VLM) evaluator in both untargeted and targeted attack settings.
adversarial-attacks adversarial-machine-learning diffusion-models t2i t2i-diffusion-model
Last synced: 10 months ago
- Host: GitHub
- URL: https://github.com/denselance/pip-pipeline
- Owner: DenseLance
- License: mit
- Created: 2025-07-18T11:11:32.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-07-25T10:17:21.000Z (11 months ago)
- Last Synced: 2025-07-25T16:39:50.536Z (10 months ago)
- Topics: adversarial-attacks, adversarial-machine-learning, diffusion-models, t2i, t2i-diffusion-model
- Language: Jupyter Notebook
- Homepage:
- Size: 42.7 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Is It Possible to Attack a T2I Model With Only Punctuation?
## Abstract
Text-to-Image (T2I) models have become immensely popular due to their ability to generate high-quality images from natural language prompts, but their safety and robustness in real-world applications remain a critical concern to date. In this work, we explore the use of punctuation as an attack vector on black-box T2I models. We show that it is easy to fool and mislead the victim model by simply injecting a few punctuation marks into the clean prompt, despite punctuation having virtually no semantic meaning. The injected punctuation marks could be attributed to human typographical errors, making the adversarial attack imperceptible and suitable as a real-world attack. We also propose the Punctuation Injection Permutator (PIP) pipeline, which can craft the adversarial prompt automatically using an optimizer and a vision-language model (VLM) evaluator in both untargeted and targeted attack settings.
## How to Use
Use the Jupyter notebooks (.ipynb) with the prefix `[PIPELINE]` in the main directory. You can then modify the notebooks according to your needs.
Our evaluation results can be found in the `eval` directory.
## Report and Citations
Technical details of the project are described in `Is It Possible to Attack a T2I Model With Only Punctuation.pdf` in the main directory.