Warfare:Breaking the Watermark Protection of AI-Generated Content
Guanlin Li, Yifei Chen, Jie Zhang, Shangwei Guo, Han Qiu, Guoyin Wang, Jiwei Li, Tianwei Zhang
TL;DR
Warfare reveals that current AIGC watermarking can be defeated under a black-box threat model by a unified attack framework that couples diffusion-based preprocessing with GAN-driven watermark manipulation to remove or forge watermarks. The proposed Warfare and its faster variant Warfare-Plus demonstrate strong attack effectiveness across multiple datasets and watermark lengths while maintaining content quality, highlighting serious risks to content attribution and policy enforcement. The work also characterizes practical defenses and positions Warfare as a tool for red-teaming and robust watermark design, emphasizing the need for more resilient watermarking in real-world AIGC deployments.
Abstract
AI-Generated Content (AIGC) is rapidly expanding, with services using advanced generative models to create realistic images and fluent text. Regulating such content is crucial to prevent policy violations, such as unauthorized commercialization or unsafe content distribution. Watermarking is a promising solution for content attribution and verification, but we demonstrate its vulnerability to two key attacks: (1) Watermark removal, where adversaries erase embedded marks to evade regulation, and (2) Watermark forging, where they generate illicit content with forged watermarks, leading to misattribution. We propose Warfare, a unified attack framework leveraging a pre-trained diffusion model for content processing and a generative adversarial network for watermark manipulation. Evaluations across datasets and embedding setups show that Warfare achieves high success rates while preserving content quality. We further introduce Warfare-Plus, which enhances efficiency without compromising effectiveness. The code can be found in https://github.com/GuanlinLee/warfare.