Go to ICLR 2026 Conference homepageTHE JPEG BLIND SPOT: EXPOSING A CRITICAL VULNERABILITY IN DOCUMENT TAMPERING DETECTION
Keywords: Document Tampering, Document Forgery, Adversarial attacks, JPEG artifacts
TL;DR: Current document forgery detectors rely on superficial JPEG artifacts and can be completely fooled by a simple attack that preserves those same artifacts,
Abstract: Current state-of-the-art document tampering detection models predominantly derive their success from a reliance on low-level JPEG compression artifacts, particularly Block Artifact Grids (BAG), to localize forged regions. In this paper, we expose a critical vulnerability inherent in this approach. We introduce a novel BAG-aware adversarial attack for document forgery that is designed to preserve the local statistical properties of these artifacts. When evaluated on the largest available document tampering benchmark, DocTamper, this attack catastrophically fools existing methods, reducing their detection rate to no better than random chance. This catastrophic failure reveals that these models fail to learn genuine semantic representations of tampering and instead rely on highly superficial and easily bypassed compression artifacts. Our work demonstrates a fundamental fragility in current document forensic systems and underscores the urgent need for robustness against such adversarial failures in security-critical applications.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 25466
Loading