New techniques developed by Australian researchers can stop unauthorized artificial intelligence (AI) systems that do not learn from photographs, artwork and other image-based content.
In collaboration with the Cyber Security Cooperative Research Center (CSCRC), developed by Australia's National Science Agency CSIRO, and the University of Chicago, this method will subtly alter content to make AI models unreadable while being transformed into human eyes.
Defense organizations can protect sensitive satellite images or cyber threat data from absorbing into AI models.
Breakthroughs help artists, organizations and social media users use their work and personal data to protect them from training AI systems and creating deepfakes. For example, social media users can automatically apply a protection layer to their photos before posting, preventing AI systems from learning facial features for creating deep faki.
This technique sets limits on how AI systems can learn from protected content. This provides a mathematical assurance that this protection is retained against adaptive attacks and even retraining attempts.
Dr. Derui Wang, a scientist at CSIRO, said the technique provides a new level of certainty for those uploading content online.
“Existing methods rely on trial and error or assumptions regarding the behavior of AI models,” says Wang. “Our approach is different. We can mathematically assure that rogue machine learning models cannot be learned from content that exceeds a certain threshold. This is a powerful safeguard for social media users, content creators and organizations.”
Wang said the technique can be applied automatically at large scale.
“Social media platforms or websites could be embedded in every image that uploaded this layer of protection,” he said. “This could help reduce the rise of deepfakes, reduce intellectual property theft and help users control the content.”
This method is currently applied to images, but there are plans to expand it to text, music and video.
This method remains theoretical, with results validated in a controlled lab setting. This code is available for academic use on GitHub, and the team is looking for research partners from sectors such as AI safety and ethics, defense, cybersecurity and academia.
This paper is an example of unproven data, presented at the 2025 Network and Distributed System Security Symposium (NDSS), where he was awarded the Distinguished Paper Award.
