HyperAIHyperAI

Command Palette

Search for a command to run...

Position : La recherche sur les deepfakes en IA/ML est mal alignée avec l’imagerie intime non consensuelle générée par IA (AIG-NCII)

Li Qiwei Wells Lucas Santo Sarita Schoenebeck Eric Gilbert

Résumé

L’imagerie intime non consensuelle générée par IA (AIG-NCII) n’est pas traitée de manière adéquate dans la littérature en IA/ML concernant les médias générés par IA, communément appelés « deepfakes ». Alors que la recherche sur les deepfakes se concentre actuellement sur ses préjudices épistémiques — c’est-à-dire les préjudices liés à la vérité et à l’authenticité —, cela est mal aligné avec la réalité dominante de l’abus de l’IA générative impliquant des images sexualisées. Nous menons une analyse du paysage des travaux les plus cités pour démontrer que les interventions techniques traitant des deepfakes ignorent presque entièrement l’AIG-NCII, limitant l’écosystème de recherche aux outils de détection d’authenticité. Dans cet article de position, nous soutenons que les interventions existantes traitent les préjudices épistémiques centrés sur le spectateur, comme la fraude ou les escroqueries, mais ignorent les préjudices à la dignité centrés sur le sujet, tels que l’AIG-NCII. Nous illustrons que savoir qu’une image est synthétique n’atténue pas les préjudices pour les sujets et peut, dans certains cas, même les exacerber. Nous concluons en proposant des recommandations pour réaligner le domaine, notamment la mise à jour des modèles de menace pour prendre en compte les préjudices centrés sur le sujet et l’intégration de l’AIG-NCII dans la recherche sur la sécurité de l’IA. Enfin, nous avertissons que les chercheurs ne devraient s’engager dans ce domaine à haut risque que s’ils mettent en place des garde-fous de sécurité pour les sujets et les chercheurs et établissent des partenariats avec des experts du domaine de la prévention de la violence sexuelle.

One-sentence Summary

Li Qiwei, Wells Lucas Santo, Sarita Schoenebeck, and Eric Gilbert argue that AI/ML deepfake research is misaligned with the reality of AI-generated non-consensual intimate imagery (AIG-NCII) because it focuses on viewer-centric epistemic harms like authenticity while neglecting subject-centric dignity harms, illustrating that knowing an image is synthetic does not mitigate harms and may even exacerbate them, and they propose updating threat models, incorporating AIG-NCII into AI safety research, and implementing safety guardrails with domain experts in sexual violence prevention.

Key Contributions

  • The paper conducts a landscape analysis of highly-cited deepfake research, demonstrating that existing technical interventions overwhelmingly target viewer-centric epistemic harms such as authenticity detection and nearly ignore AI-generated non-consensual intimate imagery (AIG-NCII).
  • It introduces a conceptual distinction between viewer-centric epistemic harms and subject-centric dignity harms, and shows that knowing an image is synthetic does not mitigate harm to subjects and may even exacerbate it.
  • The paper offers a set of actionable recommendations for realigning the field, including updating threat models to center subject-centric harms, integrating AIG-NCII into AI safety research, and implementing safety guardrails and substantive partnerships with sexual violence prevention experts as prerequisites for engagement.

Introduction

Generative AI is heavily exploited to produce non-consensual intimate imagery (AIG-NCII), including “undressing” tools and deepfake pornography. This is arguably the most prevalent harmful application of such models, yet the AI safety community has overwhelmingly focused on detecting synthetic media to protect viewers from deception and misinformation. Prior work therefore addresses epistemic harms tied to authenticity, neglecting the subject-centric dignity harms that arise from the non-consensual misuse of a person’s likeness, regardless of whether viewers are fooled. The authors identify a structural misalignment: current authenticity-oriented interventions cannot mitigate, and in some deployment scenarios even exacerbate, the abuse suffered by victims. Their contribution is a position paper that surfaces the gap through a landscape analysis of recent research, demonstrates how authenticity tools fall short or backfire for AIG-NCII, and proposes concrete recommendations to reorient technical efforts toward subject-centric dignity harms.

Dataset

The authors construct a curated corpus of research papers to investigate the degree to which the deepfake detection and forensics literature addresses AI-generated non-consensual intimate imagery (AIG‑NCII).

  • Composition and sources: The dataset consists of 39 papers published between 2020 and 2025 at top‑tier venues (CVPR, ICCV, ECCV, NeurIPS, ICML, ICLR) or as highly cited (≥80 citations) arXiv preprints. The initial pool was obtained from Google Scholar using the query: (“detection” OR “detector” OR “forensics” OR “recognition” OR “watermark”) AND (“deepfake” OR “synthetic image” OR “fake image” OR “diffusion”), which returned 965 papers.

  • Key details and filtering rules:

  • First filtering: only papers from the named venues or with ≥80 citations were kept, yielding 379 papers.

  • Second filtering: the top‑100 most cited papers from that set were selected.

  • Manual cleaning: papers that used diffusion models for unrelated vision tasks (e.g., tumor detection, car detection, steel‑crack detection) and one retracted paper were excluded, leaving a final set of 39 papers.

  • Subset categorization: each paper was manually examined for engagement with AIG‑NCII terms (“non‑consensual intimate imagery”, “NCII”, “revenge porn”, “sexual violence”, “porn”, “nudity”, “undress”, “obscene”). The 39 papers are divided into three tiers:

  • No mention (34 papers): the problem is framed solely as misinformation, fraud, or artifact detection.

  • Mention only (5 papers): AIG‑NCII terms appear in passing (introduction or impact statement), but the technical contribution is generic.

  • Technical implementation (0 papers): no paper designs an intervention with a threat model specific to AIG‑NCII.

  • How the paper uses the dataset: The curated corpus is not used for training or mixture‑ratio tuning. Instead, it serves as the object of a qualitative analysis. The authors manually inspect each paper to quantify the misalignment between existing research concerns and the reality of AIG‑NCII, showing that almost all deepfake‑harm reduction work ignores non‑consensual intimate imagery. The resulting tiered breakdown directly supports the paper’s claim that the literature is overwhelmingly motivated by trust, fraud, and political misinformation.

  • Processing details: No automated cropping, metadata construction, or training splits are applied. The dataset construction is entirely based on citation‑based filtering, keyword‑based screening, and manual content analysis to assign each paper to a tier of engagement.

Method

The authors perform a systematic landscape analysis to quantify how deeply the deepfake defense community engages with AIG‑NCII. They begin by querying Google Scholar with a Boolean keyword set covering detection, forensics, watermarking, and synthetic media terms, yielding 965 candidate papers. The results are then filtered to top‑tier venues (CVPR, ICCV, ECCV, NeurIPS, ICML, ICLR) and highly cited works, discarding workshop papers and including relevant arXiv preprints. After this cut, 379 papers remain, and the top‑100 by citation are manually screened to exclude contributions where diffusion models serve unrelated CV tasks (tumor detection, defect inspection, etc.) as well as one retracted paper. This leaves a final dataset of 39 papers that undergo qualitative content analysis. Each paper is tagged for the presence of terms such as “non‑consensual intimate imagery,” “NCII,” “revenge porn,” “sexual violence,” “nudity,” and “undress.”

The analysis categorizes the 39 papers into three tiers of engagement:

  1. No mention (34 papers) – the harm is framed purely as misinformation, fraud, or artifact detection.
  2. Mention only (5 papers) – AIG‑NCII terms appear in passing but the technical method remains generic.
  3. Technical implementation (0 papers) – none of the works design an intervention with a threat model specific to AIG‑NCII.

This structured approach confirms that the research community overwhelmingly anchors deepfake defense in notions of truth and authenticity, ignoring harms that are non‑consensual and intimate in nature.

To contextualize this absence, the authors then review the three dominant authenticity‑based intervention paradigms that constitute the core of the surveyed literature. Each paradigm operates under the assumption that truth‑verification is a sufficient proxy for safety.

Detection methods treat the problem as a binary classification task, learning a decision boundary between authentic and synthetic media distributions. Earlier detectors leveraged GAN‑specific artifacts, but the rise of diffusion models forced a shift toward fingerprints left by the iterative denoising process. Techniques like DIRE exploit the observation that diffusion‑generated images exhibit lower reconstruction error when inverted through a pretrained diffusion model, while other work identifies distinct spectral traces from Gaussian noise scheduling inherent to latent diffusion. More recently, detectors have moved to the feature spaces of foundation vision‑language models such as CLIP, aiming to capture synthetic semantic patterns that generalize across rapidly evolving generator architectures.

Provenance methods, exemplified by the C2PA specification, eschew learned decisions in favor of cryptographically verifiable chain‑of‑custody. At each modification step, a digital signature is bound to a hash of the pixel data and a manifest of metadata assertions (ownership, timestamp). The guiding assumption is that a tamper‑evident lineage from source asset to output is a direct indicator of authenticity, restoring trust in media origin and editing history.

Watermarking embeds invisible signals directly into the media content at generation time, signaling its synthetic nature in a way that is more robust than separable metadata. Latent watermarking and sampling‑based techniques aim to survive common transformations such as cropping, filtering, and compression. An implementation like Google’s SynthID illustrates the paradigm: a signal is encoded into the asset and later recovered only with a paired detector, enabling post‑hoc detection even after redistribution. Collectively, these three paradigms illustrate how the current tooling equates safety with authentication, a framing the authors contend is misaligned with the lived harm of AIG‑NCII.

Experiment

The table illustrates that the axis of authenticity (synthetic versus authentic media) is orthogonal to the axis of safety, which is determined by consent. Because current detection tools only distinguish synthetic from authentic content, they fail to separate harmful non-consensual imagery (both AI-generated and traditional) from safe consensual imagery in either category, creating a fundamental mismatch between the measured property and the actual risk. Safety depends on consent, not on whether an image is synthetic or authentic. Harmful non-consensual intimate imagery exists in both synthetic (AIG-NCII) and authentic (traditional NCII) forms. Safe consensual sexual imagery also appears in both synthetic (artistic self-expression) and authentic (consensual pornography) forms. Authenticity-based detection conflates harmful AIG-NCII with safe consensual synthetic media, and risks over-censoring legitimate expression.

The analysis demonstrates that authenticity-based detection tools are fundamentally mismatched with the actual risk in non-consensual intimate imagery because safety depends on consent rather than on whether content is synthetic or authentic. It shows that both harmful non-consensual imagery and safe consensual sexual imagery exist across synthetic and authentic categories, leading these tools to conflate harmful AI-generated non-consensual imagery with safe consensual synthetic expression and risk over-censoring legitimate content.


Créer de l'IA avec l'IA

De l'idée au lancement — accélérez votre développement IA avec le co-codage IA gratuit, un environnement prêt à l'emploi et le meilleur prix pour les GPU.

Codage assisté par IA
GPU prêts à l’emploi
Tarifs les plus avantageux

HyperAI Newsletters

Abonnez-vous à nos dernières mises à jour
Nous vous enverrons les dernières mises à jour de la semaine dans votre boîte de réception à neuf heures chaque lundi matin
Propulsé par MailChimp