I’m a professional software developer with ML experience, albeit not an expert in ML specifically. It would obviously affect the literal value of the embeddings, but there’s no chance it would have a qualitative effect on a reasonably performant model.
It would though and their paper shows as much. The thing many forget is that it isn’t trained visually like us. Little input changes like this have a big impact.
Now eventually if everyone uses the same glazing method the training won’t care but at the moment this is bespoke enough that it can’t be trained well on it. It will always be an arms race though.
No, it wouldn’t, and the paper shows no such thing. Nightshade isn’t “Gaussian blur + sharpen.” It’s based on the use of a different diffusion model to perturb an image (with bounded difference in perceptual similarity) to minimize the distance of the embedding from that of an unrelated concept. It is mathematically optimized and highly specific to the prompt. The clever thing is that you don’t need access to the actual original text-to-image feature extractor because of the transferability between models, and the surprising thing is how few poisoned samples are required to break a model.
Gaussian blur 1 px, Sharpen 1 px
Bye bye any pixel level encoding with minimal quality loss.
Why do you think this would do anything to affect training? The patterns learned by ML models are way too fuzzy to be picky about exact pixel values.
I’m not sure what your experience is with the training data but that would absolutely effect the inputs.
I’m a professional software developer with ML experience, albeit not an expert in ML specifically. It would obviously affect the literal value of the embeddings, but there’s no chance it would have a qualitative effect on a reasonably performant model.
It would though and their paper shows as much. The thing many forget is that it isn’t trained visually like us. Little input changes like this have a big impact.
Now eventually if everyone uses the same glazing method the training won’t care but at the moment this is bespoke enough that it can’t be trained well on it. It will always be an arms race though.
No, it wouldn’t, and the paper shows no such thing. Nightshade isn’t “Gaussian blur + sharpen.” It’s based on the use of a different diffusion model to perturb an image (with bounded difference in perceptual similarity) to minimize the distance of the embedding from that of an unrelated concept. It is mathematically optimized and highly specific to the prompt. The clever thing is that you don’t need access to the actual original text-to-image feature extractor because of the transferability between models, and the surprising thing is how few poisoned samples are required to break a model.
Lol… wut
https://www.aiweirdness.com/when-data-is-messy-20-07-03/
U even train bro?
What is this article supposed to show?