Go to TMLR homepageRT2I-Bench: Evaluating Robustness of Text-to-Image Systems Against Adversarial Attacks
Abstract: Text-to-Image (T2I) systems have demonstrated impressive abilities in the generation of images from text descriptions. However, these systems remain susceptible to adversarial prompts—carefully crafted input manipulations that can result in misaligned or even toxic outputs. This vulnerability highlights the need for systematic evaluation and development of attack strategies that exploit these weaknesses, as well as defense mechanisms that safeguard T2I models. This work introduces RT2I-Bench, a comprehensive benchmark designed to assess the robustness of T2I systems against adversarial attacks. The benchmark serves two primary purposes. First, it provides a structured evaluation of various adversarial attacks, examining their effectiveness, transferability, stealthiness and potential for generating misaligned or toxic outputs, as well as assessing the resilience of state-of-the-art T2I models to such attacks. We observe that state-of-the-art T2I systems are vulnerable to adversarial prompts, with the most effective attacks achieving success rates of over 60\% across the majority of T2I models we tested. Second, RT2I-Bench enables the creation of a set of strong adversarial prompts (consisting of 1,439 that induce misaligned or targeted outputs and 173 that induce toxic outputs), which are effective across a wide range of systems. This dataset offers a valuable resource for robustness testing and defense evaluation. Finally, our benchmark is designed to be extensible, enabling the seamless addition of new attack techniques, T2I models, and evaluation metrics. This flexible framework provides an automated and scalable solution for robustness assessment and adversarial prompt generation in T2I systems.
Submission Length: Regular submission (no more than 12 pages of main content)
Assigned Action Editor: ~Dit-Yan_Yeung2
Submission Number: 5681
Loading