Text-to-image (TTI) models offer many innovative services but also raise ethical concerns due to their potential to generate unethical images. Most public TTI services employ safety filters to prevent unintended images. In this work, we introduce the Divide-and-Conquer Attack (DACA) to circumvent the safety filters of state-of-the-art TTI models, including DALL-E 3 and Midjourney. Our attack leverages LLMs as text transformation agents to create adversarial prompts. We design attack helper prompts that effectively guide LLMs to break down an unethical drawing intent into multiple benign descriptions of individual image elements, allowing them to bypass safety filters while still generating unethical images, because the latent harmful meaning only becomes apparent when all individual elements are drawn together. Our evaluation demonstrates that our attack successfully circumvents multiple strong closed-box safety filters. The comprehensive success rate of DACA in bypassing the safety filters of the state-of-the-art TTI engine DALL-E 3 is above 85%, while the success rate for bypassing Midjourney V6 exceeds 75%. Our findings have more severe security implications than methods based on manual crafting or iterative TTI model querying, due to the lower attack barrier, enhanced interpretability, and better adaptation to defenses. Our prototype is available at: https://github.com/researchcode001/Divide-and-Conquer-Attack