Recent advances in generative models, such as diffusion models, have raised concerns related to privacy, copyright infringement, and data stewardship. To better understand and control these risks, prior work has introduced techniques and attacks that reconstruct images, or parts of images, from training data. While these results demonstrate that training data can be recovered, existing methods often rely on high computational resources, partial access to the training set, or carefully engineered prompts. In this work, we present a new attack that requires low resources, assumes little to no access to the training data, and identifies seemingly benign prompts that can lead to potentially risky image reconstruction. We further show that such reconstructions may occur unintentionally, even for users without specialized knowledge. For example, we observe that for one existing model, the prompt ``blue Unisex T-Shirt'' generates the face of a real individual. Moreover, by combining the identified vulnerabilities with real-world prompt data, we discover prompts that reproduce memorized visual elements. Our approach builds on insights from prior work and leverages domain knowledge to expose a fundamental vulnerability arising from the use of scraped e-commerce data, where templated layouts and images are closely tied to pattern-like textual prompts. The code for our attack is publicly available at https://github.com/TheSolY/lr-tmi.

翻译：生成模型（如扩散模型）的最新进展引发了关于隐私、版权侵权和数据管理的担忧。为了更好地理解和控制这些风险，先前研究提出了从训练数据中重建图像或部分图像的技术与攻击方法。尽管这些结果表明训练数据可能被恢复，但现有方法通常依赖于高计算资源、对训练集的部分访问权限或精心设计的提示。在本研究中，我们提出了一种新的攻击方法，该方法所需资源较低，几乎不需要访问训练数据，并能识别看似良性的提示，这些提示可能导致潜在风险的图像重建。我们进一步证明，即使对于不具备专业知识的用户，此类重建也可能无意中发生。例如，我们观察到在某个现有模型中，提示“蓝色中性T恤”会生成真实人物的面部图像。此外，通过将已识别的漏洞与现实世界提示数据相结合，我们发现了能复现记忆视觉元素的提示。我们的方法基于先前研究的见解，并利用领域知识揭示了一个根本性漏洞，该漏洞源于对抓取的电子商务数据的使用——其中模板化布局和图像与模式化文本提示紧密关联。本攻击的代码已公开于 https://github.com/TheSolY/lr-tmi。