Pith. sign in

REVIEW 1 major objections 4 minor 186 references

Standard AI safety tools fail against AI-generated child sexual abuse material because they need data and tests the law forbids.

Reviewed by Pith at T0; open to challenge. T0 means a machine referee read the full paper against a public rubric. the ladder, T0–T4 →

T0 review · grok-4.5

2026-07-12 14:28 UTC pith:H55MPZQU

load-bearing objection Solid position paper that maps CSAM legal/ethical constraints onto the full AI lifecycle and lists 15 concrete open problems; the leap to 'entirely new approaches' is asserted more than quantified, but the work is still worth engaging. the 1 major comments →

arxiv 2607.05407 v1 pith:H55MPZQU submitted 2026-06-09 cs.CY cs.AI

Position: Preventing AI-Generated CSAM Necessitates New Approaches to AI Safety

classification cs.CY cs.AI
keywords AI-generated CSAMAI safetychild sexual exploitationconcept fusionfine-tuning resilienceexact unlearningopen problemscontent provenance
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved

The pith

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This position paper argues that stopping AI-generated child sexual abuse material requires new AI safety methods, not just stronger versions of the ones already used for bias, disinformation, or other harms. Legal and ethical bans on accessing, generating, or training on child sexual abuse material block the usual safety playbook: you cannot freely audit training sets, red-team by prompting for the forbidden content, or fine-tune detectors on real examples. The authors map these hard constraints across the full model lifecycle and list fifteen concrete open problems that range from partial data cleaning and concept fusion to fine-tuning resilience, abliterated-model detection, and exact unlearning. They pair each problem with targeted recommendations for researchers, model providers, and policymakers so that child protection becomes a first-class, safety-critical research agenda rather than an afterthought.

Core claim

Existing AI safety research rests on assumptions of data accessibility, transparency, and evaluation practices that are incompatible with the legal and ethical constraints surrounding child sexual abuse material; therefore protecting children from AI-facilitated sexual abuse requires new technical approaches rather than straightforward application of current techniques.

What carries the argument

The four constraint classes (DATA access bans, EVAL generation bans, ADV adversarial opacity with strict guarantees, WELL wellness limits) that systematically invalidate standard safety tools across development, deployment, and maintenance.

Load-bearing premise

That the legal and ethical bans on CSAM data and generation are so rigid that ordinary AI-safety techniques cannot be adapted with proxies or limited access and instead demand entirely new methods.

What would settle it

A controlled study showing that partial data cleaning or proxy-concept red-teaming already reduces AIG-CSAM generation capability below a usable threshold on open-weight models without ever needing real CSAM access.

Watch this falsifier — get emailed when new claim-graph text bears on it.

If this is right

  • Dataset cleaning, red-teaming, and fine-tuning defenses must be redesigned so they never require possession or generation of CSAM.
  • Open-weight models need built-in resilience to LoRA-style fine-tuning and abliteration aimed at CSAM or nudification.
  • Model-hosting platforms and regulators need automated, image-free ways to detect and delist models optimized for child exploitation.
  • Exact unlearning and tamper-resistant provenance become mandatory rather than optional for any model that might later be found to contain CSAM concepts.
  • Policymakers must create scoped legal pathways for vetted institutions to evaluate AIG-CSAM capabilities without criminalizing the evaluators.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Techniques that succeed under CSAM constraints (proxy concepts, image-free auditing, exact unlearning) will likely transfer to other high-stakes illegal domains such as non-consensual intimate imagery of adults.
  • The same concept-fusion risk that lets models invent CSAM from benign child and adult images also threatens other forbidden combinations (e.g., weapons plus public figures).
  • Hobbyist fine-tuning ecosystems may become the primary enforcement bottleneck once foundation-model providers harden their own systems.
  • Wellness limits on human exposure will force the field toward fully automated red-teaming even for non-CSAM safety work.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit.

Referee Report

1 major / 4 minor

Summary. This position paper argues that existing AI safety techniques rest on assumptions of data accessibility, transparent evaluation, and generation-based red-teaming that are incompatible with the legal and ethical constraints surrounding CSAM (DATA access bans, EVAL generation bans, ADV adversarial opacity, WELL wellness limits). It maps these constraints onto the AI lifecycle, enumerates 15 open problems (A1–A5 development, B1–B5 deployment, C1–C5 maintenance), and supplies two small proxy experiments (CelebA concept-fusion thresholds and a public model-card audit of 14 image/video generators). Targeted recommendations for researchers, providers, and policymakers are offered to reframe AIG-CSAM prevention as a central safety-critical research agenda.

Significance. If the mismatch claim holds, the paper supplies a concrete research agenda that the AI safety community currently lacks: open problems that are each explicitly linked to a legal/ethical constraint (Table 3) and that cannot be solved by simply scaling existing red-teaming or filtering pipelines. The two controlled proxy experiments and the model-card audit give the position empirical footing without requiring illegal data access. The calls-to-action remain actionable under either a “new techniques” or a “stronger proxies” reading, making the work useful for both technical and policy audiences.

major comments (1)
  1. §6 Alternative Views acknowledges that stronger or proxy-based variants of existing methods may often suffice, yet never quantifies how frequently adaptation fails versus requiring entirely new techniques. Because the Main Position (p. 1) and the framing of the 15 open problems rest on the claim that the four constraint classes necessitate new approaches, a short discussion or table that distinguishes “adaptation-sufficient” from “new-technique-required” cases would make the central claim more precise without altering the paper’s scope.
minor comments (4)
  1. Table 1 footnote “*” on AI-developer access is only expanded later in §2.2; a one-sentence clarification in the table caption would improve self-containment.
  2. Figure 1 caption and the surrounding text in §3.2.1 use “conditional diffusion models” while Appendix C.1.1 describes “conditional flow matching models”; consistent terminology would avoid confusion.
  3. Table 4 (model-card audit) is informative but the selection criterion (“presence on Artificial Analysis leaderboards”) is stated only in the appendix; a brief note in the main text would help readers assess representativeness.
  4. A few typographical inconsistencies appear (e.g., “EV AL” spacing in the constraint tags, “H ¨onig” diacritic). These are purely presentational.

Circularity Check

0 steps flagged

No significant circularity; open problems and Main Position follow from external legal constraints and observed practices, not from self-referential definitions or fitted predictions.

full rationale

This is a position paper, not a derivation of quantitative predictions from fitted parameters or uniqueness theorems. The Main Position (p.1) and the 15 open problems (§§3–5, Table 3) are obtained by mapping four externally grounded constraint classes (DATA access bans under COPPA/GDPR/18 U.S.C. §2252, EVAL generation bans under US Congress 2003, ADV adversarial opacity, WELL wellness limits) onto standard AI-safety techniques (dataset auditing, red-teaming by generation, fine-tuning resilience that trains on the obstructed task, exact unlearning, etc.). Those legal facts are cited to statutes and third-party reports, not defined in terms of the paper’s conclusions. The two proof-of-concept experiments (CelebA concept-fusion thresholds, public model-card audit) are illustrative empirical checks that use proxy data and public documentation; they do not close a logical loop. Self-citations to Thorn reports (Portnoff & Simpson 2025, Thorn & All Tech is Human 2024) supply domain observations of offender tooling and industry practice but are not load-bearing uniqueness claims or ansatzes that force the Main Position. Alternative views (§6) are acknowledged without circular redefinition. Consequently the argument is self-contained against external legal and empirical benchmarks and exhibits none of the six circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 5 axioms · 2 invented entities

Position paper; almost no free parameters. Load-bearing content is a set of domain assumptions about U.S./Western law and the practical impossibility of standard safety pipelines under those laws, plus the authors’ framing of 15 open problems as the necessary research agenda. No new physical entities or fitted constants drive the central claim.

axioms (5)
  • domain assumption CSAM is illegal to create, possess, or distribute for ordinary researchers and AI developers under U.S. law (18 U.S.C. §2252 and related statutes); intentional generation for red-teaming is likewise prohibited.
    Stated in §2.1 (EVAL) and Table 1; underpins every claim that standard red-teaming and evaluation datasets cannot be used.
  • domain assumption Hash-based matching and limited embedding extraction are the only generally available signals for AI providers; full CSAM access is restricted to hotlines and law enforcement.
    Table 1 and §2.2; drives the DATA constraint used throughout §§3–5.
  • domain assumption Concept fusion (composition of separately trained benign concepts into harmful outputs) occurs above a critical sample threshold and is not prevented by partial cleaning.
    Supported by the paper’s own CelebA experiment (§3.2.1) and concurrent Cretu et al.; treated as given for Open Problem A2.
  • domain assumption Open-weight models plus GUI LoRA tools (ComfyUI, Ostris) enable non-experts to fine-tune for CSAM or “nudify” applications at low cost.
    Cited from Thorn reports and industry observation; foundation of Open Problem A3 and C1.
  • domain assumption Approximate unlearning / concept erasure provides only probabilistic guarantees and is vulnerable to adversarial prompts; CSAM requires exact unlearning.
    §5.2 Open Problem C2, citing Cooper et al. and Zhang et al.; treated as established limitation.
invented entities (2)
  • The four constraint classes (DATA, EVAL, ADV, WELL) no independent evidence
    purpose: Taxonomy that organizes why standard AI-safety techniques fail for AIG-CSAM and that tags every open problem.
    Introduced in §2.1 and used as column headers in Table 3; no independent formal definition outside the paper.
  • The numbered list of 15 open problems (A1–A5, B1–B5, C1–C5) no independent evidence
    purpose: Concrete research agenda that translates the position into actionable technical and policy targets.
    Core contribution of §§3–5 and App. C; the list itself is the paper’s primary invented organizing structure.

pith-pipeline@v1.1.0-grok45 · 29573 in / 3384 out tokens · 33208 ms · 2026-07-12T14:28:02.521952+00:00 · methodology

0 comments
read the original abstract

Modern artificial intelligence (AI) systems present profound new risks to child safety. AI is increasingly being misused to create AI-generated child sexual abuse material, facilitate child sexual exploitation, and reduce barriers to harm. In this paper, we argue that protecting children from AI-facilitated sexual abuse requires new approaches to AI safety. Existing safety techniques assume data accessibility, transparency, and evaluation practices that are incompatible with the ethical and legal constraints surrounding child sexual abuse material. We examine how these constraints create new technical challenges, such as limitations on dataset auditing, red teaming, and fine-tuning prevention. In turn, we outline *15 open problems* in online child sexual exploitation and abuse across the AI development lifecycle, from dataset curation and model design to deployment and long-term maintenance. We propose targeted recommendations for researchers, developers, and policymakers to bridge the gap between theoretical AI safety and the realities of child protection. Our work aims to reframe preventing AI-facilitated child sexual abuse as a central, safety-critical dimension for AI research, motivating work that translates responsible AI principles into concrete safeguards against the exploitation of children.

Figures

Figures reproduced from arXiv: 2607.05407 by Chhavi Yadav, Kevin Kuo, Michael Simpson, Neil Kale, Pratiksha Thaker, Rebecca Portnoff, Robertson Wang, Virginia Smith.

Figure 1
Figure 1. Figure 1: Conditional diffusion models trained on images of blon￾des (top) and people in eyeglasses (middle) can generate blondes wearing eyeglasses (bottom), without overlapping training data. Fusion is effective with a critical threshold of training data (right). Unfortunately, even if base models appear ‘safe’, users can also unlock harmful capabilities through post-training procedures such as fine-tuning. Open-w… view at source ↗
Figure 2
Figure 2. Figure 2: We test composition of the black hair and eyeglasses concepts, varying the number of eyeglasses samples from 64 to 4K. When increasing from 64 to 250 samples, capability to pro￾duce compositional images triples from 9% to 27%. Our findings align with Okawa et al. (2023), who also ob￾serve a sharp sample threshold for concept composition. This suggests partial data cleaning may be effective, though the bar … view at source ↗

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

186 extracted references · 25 linked inside Pith

  1. [1]

    arXiv preprint arXiv:2312.06205 , year=

    The journey, not the destination: How data guides diffusion models , author=. arXiv preprint arXiv:2312.06205 , year=

  2. [2]

    International Conference on Learning Representations , volume=

    Diffusion attribution score: Evaluating training data influence in diffusion models , author=. International Conference on Learning Representations , volume=

  3. [3]

    International Conference on Learning Representations , volume=

    Intriguing properties of data attribution on diffusion models , author=. International Conference on Learning Representations , volume=

  4. [4]

    Advances in Neural Information Processing Systems , year=

    Emergence and evolution of interpretable concepts in diffusion models , author=. Advances in Neural Information Processing Systems , year=

  5. [5]

    Advances in Neural Information Processing Systems , year=

    One-Step is Enough: Sparse Autoencoders for Text-to-Image Diffusion Models , author=. Advances in Neural Information Processing Systems , year=

  6. [6]

    1996 , month = aug, note =

    Health Insurance Portability and Accountability Act of 1996 , howpublished =. 1996 , month = aug, note =

  7. [7]

    , title =

    Clinton, William J. , title =. 1995 , month = aug, day =

  8. [8]

    2023 , month = oct, address =

    Child Sexual Abuse Material: Model Legislation & Global Review , edition =. 2023 , month = oct, address =

  9. [9]

    2023 , note =

    Citizen's Guide to. 2023 , note =

  10. [10]

    AAAI Conference on Human Computation and Crowdsourcing , year=

    Fast, accurate, and healthier: Interactive blurring helps moderators reduce exposure to harmful content , author=. AAAI Conference on Human Computation and Crowdsourcing , year=

  11. [11]

    Social Science Research Network , year=

    Open technical problems in open-weight ai model risk management , author=. Social Science Research Network , year=

  12. [12]

    arXiv preprint arXiv:2512.11815 , year=

    Video Deepfake Abuse: How Company Choices Predictably Shape Misuse Patterns , author=. arXiv preprint arXiv:2512.11815 , year=

  13. [13]

    International Conference on Machine Learning , year=

    Glide: Towards photorealistic image generation and editing with text-guided diffusion models , author=. International Conference on Machine Learning , year=

  14. [14]

    arXiv preprint arXiv:2504.17663 , year=

    The Malicious Technical Ecosystem: Exposing Limitations in Technical Governance of AI-Generated Non-Consensual Intimate Images of Adults , author=. arXiv preprint arXiv:2504.17663 , year=

  15. [15]

    BBC News , year =

    McMahon, Liv , title =. BBC News , year =

  16. [16]

    Politico Europe , year =

    Clifton, Mizy and Bristow, Tom , title =. Politico Europe , year =

  17. [17]

    2025 , month = aug, day =

    Automate Security Reviews with. 2025 , month = aug, day =

  18. [18]

    2025 , url =

    Introducing Aardvark: OpenAI’s agentic security researcher , journal =. 2025 , url =

  19. [19]

    2025 , howpublished =

    Popa, Raluca Ada and Flynn, Four , title =. 2025 , howpublished =

  20. [20]

    2024 , howpublished =

    Song, Dawn , title =. 2024 , howpublished =

  21. [21]

    2025 , howpublished =

    Adversarial Misuse of Generative. 2025 , howpublished =

  22. [22]

    2025 , month = aug, url =

    Threat Intelligence Report: August 2025 , institution =. 2025 , month = aug, url =

  23. [23]

    2025 , howpublished =

  24. [24]

    Advances in Neural Information Processing Systems , year=

    Are you stealing my model? sample correlation for fingerprinting deep neural networks , author=. Advances in Neural Information Processing Systems , year=

  25. [25]

    Doerfler, Periwinkle and Forte, Andrea and De Cristofaro, Emiliano and Stringhini, Gianluca and Blackburn, Jeremy and McCoy, Damon , journal=. ``

  26. [26]

    Information and Software Technology , volume=

    Joining a smartphone ecosystem: Application developers’ motivations and decision criteria , author=. Information and Software Technology , volume=. 2014 , publisher=

  27. [27]

    Journal of Child & Adolescent Trauma , year=

    A systematic review of the education and awareness interventions to prevent online child sexual abuse , author=. Journal of Child & Adolescent Trauma , year=

  28. [28]

    Child Abuse Review: Journal of the British Association for the Study and Prevention of Child Abuse and Neglect , year=

    Partnering with parents to prevent childhood sexual abuse , author=. Child Abuse Review: Journal of the British Association for the Study and Prevention of Child Abuse and Neglect , year=

  29. [29]

    Proceedings of the 21st Brazilian Symposium on Human Factors in Computing Systems , year=

    Using model cards for ethical reflection: a qualitative exploration , author=. Proceedings of the 21st Brazilian Symposium on Human Factors in Computing Systems , year=

  30. [30]

    ACM Conference on Fairness, Accountability, and Transparency , year=

    Interactive model cards: A human-centered approach to model documentation , author=. ACM Conference on Fairness, Accountability, and Transparency , year=

  31. [31]

    Proceedings of the conference on fairness, accountability, and transparency , year=

    Model cards for model reporting , author=. Proceedings of the conference on fairness, accountability, and transparency , year=

  32. [32]

    Gaps in the Safety Evaluation of Generative AI , journal=

    Rauh, Maribeth and Marchal, Nahema and Manzini, Arianna and Hendricks, Lisa Anne and Comanescu, Ramona and Akbulut, Canfer and Stepleton, Tom and Mateos-Garcia, Juan and Bergman, Stevie and Kay, Jackie and Griffin, Conor and Bariach, Ben and Gabriel, Iason and Rieser, Verena and Isaac, William and Weidinger, Laura , year=. Gaps in the Safety Evaluation of...

  33. [33]

    IEEE Spectrum , year =

    Harris, David Evan and Willner, Dave , title =. IEEE Spectrum , year =

  34. [34]

    AI and Ethics , volume=

    The ethical wisdom of AI developers , author=. AI and Ethics , volume=. 2025 , publisher=

  35. [35]

    The Guardian , year =

    Kenyan Moderators Decry Toll of Training of AI Models , author =. The Guardian , year =

  36. [36]

    Once you see it you can't unsee it

    “Once you see it you can't unsee it”: Law enforcement trauma and immersion in child sexual abuse material , author=. Child Protection and Practice , year=

  37. [37]

    2024 , month = nov, type =

    Mitigating the Risk of Generative AI Models Creating Child Sexual Abuse Materials , institution =. 2024 , month = nov, type =

  38. [38]

    Cyberpsychology: Journal of Psychosocial Research on Cyberspace , year=

    The psychological impacts of content moderation on content moderators: A qualitative study , author=. Cyberpsychology: Journal of Psychosocial Research on Cyberspace , year=

  39. [39]

    2024 , url =

    Ostris , title =. 2024 , url =

  40. [40]

    2018 , url =

    What is. 2018 , url =

  41. [41]

    International Conference on Learning Representations , year=

    Unlearning or Obfuscating? Jogging the Memory of Unlearned LLMs via Benign Relearning , author=. International Conference on Learning Representations , year=

  42. [42]

    arXiv preprint arXiv:2512.05707 , year=

    Evaluating Concept Filtering Defenses against Child Sexual Abuse Material Generation by Text-to-Image Models , author=. arXiv preprint arXiv:2512.05707 , year=

  43. [43]

    2024 , note =

    C2PA: Advancing Digital Content Transparency and Authenticity , howpublished =. 2024 , note =

  44. [44]

    Children's Online Privacy Protection Rule ("COPPA") , url =

  45. [45]

    Thousands of Pedophiles Are Using Jail-Broken

    Stokel-Walker, Chris , journal =. Thousands of Pedophiles Are Using Jail-Broken. 2025 , url =

  46. [46]

    2025 , month = jun, organization =

    Taking Action Against Nudify Apps , author =. 2025 , month = jun, organization =

  47. [47]

    Deepfake Nudes & Young People: Navigating a New Frontier in Technology-facilitated Nonconsensual Sexual Abuse and Exploitation , year =

  48. [48]

    2024 , month = dec, institution =

    Evolving Technologies Horizon Scan: A Review of Technologies Carrying Notable Risk and Opportunity in the Fight Against Technology-Facilitated Child Sexual Exploitation , author =. 2024 , month = dec, institution =

  49. [49]

    2025 , month =

    The General-Purpose AI Code of Practice , author =. 2025 , month =

  50. [50]

    Lantern: Advancing Child Safety Through Signal Sharing , year =

  51. [51]

    IEEE/CVF International Conference on Computer Vision , year=

    Deep learning face attributes in the wild , author=. IEEE/CVF International Conference on Computer Vision , year=

  52. [52]

    Advances in Neural Information Processing Systems , year=

    Safetywashing: Do AI Safety Benchmarks Actually Measure Safety Progress? , author=. Advances in Neural Information Processing Systems , year=

  53. [53]

    USENIX Security Symposium , year=

    Glaze: Protecting artists from style mimicry by Text-to-Image models , author=. USENIX Security Symposium , year=

  54. [54]

    IEEE Transactions on Pattern Analysis and Machine Intelligence , year=

    Disentangled representation learning , author=. IEEE Transactions on Pattern Analysis and Machine Intelligence , year=

  55. [55]

    Advances in Neural Information Processing Systems , year=

    Concept embedding models: Beyond the accuracy-explainability trade-off , author=. Advances in Neural Information Processing Systems , year=

  56. [56]

    5 of the ai safety benchmark from mlcommons , author=

    Introducing v0. 5 of the ai safety benchmark from mlcommons , author=. arXiv preprint arXiv:2404.12241 , year=

  57. [57]

    arXiv preprint arXiv:2503.16431 , year=

    OpenAI's Approach to External Red Teaming for AI Models and Systems , author=. arXiv preprint arXiv:2503.16431 , year=

  58. [58]

    Conference on Computer-Supported Cooperative Work and Social Computing , year=

    The human factor in ai red teaming: Perspectives from social and collaborative computing , author=. Conference on Computer-Supported Cooperative Work and Social Computing , year=

  59. [59]

    arXiv preprint arXiv:2510.02978 , year=

    AI Generated Child Sexual Abuse Material--What's the Harm? , author=. arXiv preprint arXiv:2510.02978 , year=

  60. [60]

    International Conference on Learning Representations , year=

    Adversarial perturbations cannot reliably protect artists from generative ai , author=. International Conference on Learning Representations , year=

  61. [61]

    International Conference on Machine Learning , year=

    Raising the cost of malicious ai-powered image editing , author=. International Conference on Machine Learning , year=

  62. [62]

    2025 , url =

    Portnoff, Rebecca and Simpson, Michael , title =. 2025 , url =

  63. [63]

    2025 , booktitle =

    Hawkins, Will and Mittelstadt, Brent and Russell, Chris , title =. 2025 , booktitle =

  64. [64]

    Analyzing the

    Gibson, Cassidy and Olszewski, Daniel and Brigham, Natalie Grace and Crowder, Anna and Butler, Kevin RB and Traynor, Patrick and Redmiles, Elissa M and Kohno, Tadayoshi , booktitle=. Analyzing the

  65. [65]

    USENIX Security Symposium , year=

    Extracting training data from diffusion models , author=. USENIX Security Symposium , year=

  66. [66]

    IEEE Symposium on Security and Privacy , year=

    Machine unlearning , author=. IEEE Symposium on Security and Privacy , year=

  67. [67]

    Advances in Neural Information Processing Systems, Position Paper Track , year=

    Machine Unlearning Doesn't Do What You Think: Lessons for Generative AI Policy, Research, and Practice , author=. Advances in Neural Information Processing Systems, Position Paper Track , year=

  68. [68]

    arXiv preprint arXiv:2510.09263 , year=

    SynthID-Image: Image watermarking at internet scale , author=. arXiv preprint arXiv:2510.09263 , year=

  69. [69]

    Advances in Neural Information Processing Systems , year=

    Leveraging catastrophic forgetting to develop safe diffusion models against malicious finetuning , author=. Advances in Neural Information Processing Systems , year=

  70. [70]

    Advances in Neural Information Processing Systems , year=

    Towards automated circuit discovery for mechanistic interpretability , author=. Advances in Neural Information Processing Systems , year=

  71. [71]

    International Conference on Learning Representations , year=

    Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To! , author=. International Conference on Learning Representations , year=

  72. [72]

    arXiv preprint arXiv:2506.06488 , year=

    Membership Inference Attacks for Unseen Classes , author=. arXiv preprint arXiv:2506.06488 , year=

  73. [73]

    2024 , journal=

    Scaling Monosemanticity: Extracting Interpretable Features from Claude 3 Sonnet , author=. 2024 , journal=

  74. [74]

    IEEE/CVF Conference on Computer Vision and Pattern Recognition , year=

    Detect-and-Guide: Self-regulation of Diffusion Models for Safe Text-to-Image Generation via Guideline Token Optimization , author=. IEEE/CVF Conference on Computer Vision and Pattern Recognition , year=

  75. [75]

    Stage-Wise Model Diffing , year =

  76. [76]

    Advances in Neural Information Processing Systems , volume=

    Overcoming sparsity artifacts in crosscoders to interpret chat-tuning , author=. Advances in Neural Information Processing Systems , volume=

  77. [77]

    arXiv preprint arXiv:2412.00357 , year=

    Safety alignment backfires: Preventing the re-emergence of suppressed concepts in fine-tuned text-to-image diffusion models , author=. arXiv preprint arXiv:2412.00357 , year=

  78. [78]

    arXiv , author=

    Dreambooth: Fine tuning text-to-image diffusion models for subject-driven generation. arXiv , author=. arXiv preprint arXiv:2208.12242 , year=

  79. [79]

    IEEE/CVF Conference on Computer Vision and Pattern Recognition , pages=

    A pilot study of query-free adversarial attack against stable diffusion , author=. IEEE/CVF Conference on Computer Vision and Pattern Recognition , pages=

  80. [80]

    European Conference on Computer Vision , year=

    Race: Robust adversarial concept erasure for secure text-to-image diffusion model , author=. European Conference on Computer Vision , year=

Showing first 80 references.