Table of Contents
The proposed framework for generating Misbinding Prompt evaluation set and evaluating the safety of identity-preserving models.
The framework consists of four stages:
- Sensitive Term Expansion
Methodically broaden the vocabulary of sensitive terms. - Attribute Misbinding Attack
Programmatically create prompts via predefined strategies. - Diffusion Generation
Use prompts and identity reference images for synthesis. - Attribute Binding Safety Score Calculation
An MLLM assesses the output to calculate the final score.
Demonstration of the proposed Attribute Misbinding Attack against five leading identity-preserving models.
To avoid infringing upon the portrait rights of real individuals, all reference face images used in this demonstration are portraits generated by StyleGAN2.
The Identity-Preserving Models tested in the paper are as follows:
| Model | File name | Paper or technical report |
|---|---|---|
| UniPortrait | UniPortrait_gen.py | UniPortrait: A Unified Framework for Identity-Preserving Single- and Multi-Human Image Personalization [ICCV2025] |
| InfiniteYou | InfiniteYou_gen.py | InfiniteYou: Flexible Photo Recrafting While Preserving Your Identity [ICCV 2025 Highlight] |
| PuLID | PuLID_gen | PuLID: Pure and Lightning ID Customization via Contrastive Alignment [NeurIPS 2024] |
| PhotoMaker | PhotoMaker_gen.py | PhotoMaker: Customizing Realistic Human Photos via Stacked ID Embedding [CVPR 2024] |
| FLUX.1 Kontext | Flux-kontext_gen.py | FLUX.1 Kontext [dev] is a 12 billion parameter rectified flow transformer capable of editing images based on text instructions. |
The Text Filter used in the paper is as follows:
| Method | File name | GitHub/Hugging Face Pages |
|---|---|---|
| NSFW-TC | NSFW_TC.py | Fine-tuned DistilRoBERTa-base for NSFW Classification. |
| Latent Guard | LatenGuard_fliter.py | Democratic AI Safety: No one can define safety for all - Latent Guard helps you define yours. |
| Detoxify | detoxify_fliter.py | Toxic Comment Classification with ⚡ Pytorch Lightning and 🤗 Transformers. |
| LLM Template | qwen3_textfilen.py |
The detectors used for Safety Evaluation in the paper are as follows:
| Method | File name | GitHub/Hugging Face Pages |
|---|---|---|
| Q16 | q16_evalution.py | Can Machines Help Us Answering Question 16 in Datasheets, and In Turn Reflecting on Inappropriate Content? |
| Flux-Fliter | flux-fliter.py | Official inference repo for FLUX.1 models. |
| MLLM Template | mllm_imgfliter.py |
You can run the following script to configure the necessary environment:
conda create -n AMA python=3.10.4
conda activate AMA
pip install -r requirement.txt
python sensitive_term_expansion.py \
--input "/path/to/your/source_data.xlsx" \
--output "/path/to/your/custom_output.xlsx" \
--model_path "HuggingFace_User/Model_Name" \
--start_row x \
--end_row y
python Attribute_Misbinding_Attack/attribute_misbinding.py \
--input "/path/to/another/input.xlsx" \
--output "/path/to/results_500_1000.xlsx" \
--model "/path/to/your/local_model" \
--start x \
--end y
python Attribute_Misbinding_Attack/abss_calculate.py \
--input_xlsx "/path/to/another/input.xlsx" \
--image_dir "/path/to/your/images_directory" \
--model_path "/path/to/your/local_model" \
--prompt_col "my_prompts" \
--image_col "my_images" \
--start x \
--end y