Recent advances in generative models, such as diffusion models, have raised concerns related to privacy, copyright infringement, and data stewardship. To better understand and control these risks, prior work has introduced techniques and attacks that reconstruct images, or parts of images, from training data. While these results demonstrate that training data can be recovered, existing methods often rely on high computational resources, partial access to the training set, or carefully engineered prompts. In this work, we present a new attack that requires low resources, assumes little to no access to the training data, and identifies seemingly benign prompts that can lead to potentially risky image reconstruction. We further show that such reconstructions may occur unintentionally, even for users without specialized knowledge. For example, we observe that for one existing model, the prompt "blue Unisex T-Shirt" generates the face of a real individual. Moreover, by combining the identified vulnerabilities with real-world prompt data, we discover prompts that reproduce memorized visual elements. Our approach builds on insights from prior work and leverages domain knowledge to expose a fundamental vulnerability arising from the use of scraped e-commerce data, where templated layouts and images are closely tied to pattern-like textual prompts. The code for our attack is publicly available at https://github.com/TheSolY/lr-tmi.