The booming use of text-to-image generative models has raised concerns about their high risk of producing copyright-infringing content. While probabilistic copyright protection methods provide a probabilistic guarantee against such infringement, in this paper, we introduce Virtually Assured Amplification Attack (VA3), a novel online attack framework that exposes the vulnerabilities of these protection mechanisms. The proposed framework significantly amplifies the probability of generating infringing content on the sustained interactions with generative models and a non-trivial lower-bound on the success probability of each engagement. Our theoretical and experimental results demonstrate the effectiveness of our approach under various scenarios. These findings highlight the potential risk of implementing probabilistic copyright protection in practical applications of text-to-image generative models. Code is available at https://github.com/South7X/VA3.

翻译：文本到图像生成模型的广泛使用引发了人们对其生成侵权内容高风险的担忧。尽管概率性版权保护方法能为此类侵权提供概率保证，但在本文中，我们提出了一种名为“虚拟确定放大攻击”（VA3）的新型在线攻击框架，揭示了这些保护机制的脆弱性。该框架通过持续与生成模型交互，显著放大了生成侵权内容的概率，并确保了每次交互的成功概率存在一个非平凡下界。我们的理论与实验结果表明，该方法在多种场景下均具有有效性。这些发现凸显了在文本到图像生成模型的实际应用中实施概率版权保护存在的潜在风险。代码见 https://github.com/South7X/VA3。