Nightshade Attack
What is Nightshade Attack?
Nightshade Attack: A data-poisoning technique developed by the University of Chicago's Glaze team that adds imperceptible perturbations to images so that text-to-image models trained on them learn deeply distorted concepts.
Released in 2023-2024 by Shan et al., Nightshade lets artists fight back against unauthorised scraping of their work for generative-AI training. The perturbed images look unchanged to humans but, once present in a training set, push the target model to misassociate concepts — a poisoned image labelled "dog" may teach the model to render cats, or twist artistic styles into unusable shapes. Even small numbers of Nightshade images can degrade model quality. While framed as a defensive tool for creators, Nightshade is technically an offensive supply-chain attack against scraped corpora, and it has spurred broader research into copyright-aware data sourcing, dataset hygiene, opt-out registries, and provenance tooling at companies like OpenAI, Stability, and Adobe.
● Examples
- 01: An illustrator releasing portfolio images perturbed with Nightshade to discourage their inclusion in training corpora.
- 02: A diffusion model whose outputs degrade after ingesting a few thousand Nightshade-poisoned images of common concepts.
● Frequently asked questions
What is Nightshade Attack?
A data-poisoning technique developed by the University of Chicago's Glaze team that adds imperceptible perturbations to images so that text-to-image models trained on them learn deeply distorted concepts. It belongs to the AI & ML Security category of cybersecurity.
How do you defend against Nightshade Attack?
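Defences against Nightshade typically combine technical controls and operational practices. The definition above points to the areas it has spurred: copyright-aware data sourcing, dataset hygiene, opt-out registries, and provenance tooling.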
What are other names for Nightshade Attack?
Common alternative names include: Nightshade poisoning, Glaze offensive variant.
● Related terms
- Data Poisoning (ai-security, № 281): An attack on a machine-learning system in which adversaries inject, alter, or relabel training data so the resulting model behaves incorrectly or contains hidden backdoors.
- AI Supply Chain Risk (ai-security, № 034): The set of threats arising from the third-party datasets, base models, libraries, plug-ins, and infrastructure that organisations combine to build and deploy AI systems.
- AI Watermarking (ai-security, № 035): Techniques that embed a detectable signal into AI-generated content so its provenance, model of origin, or training-set membership can be verified later.
- AI Governance (ai-security, № 027): The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
- Synthetic Media (ai-security, № 1123): Any audio, image, video, or text content produced or substantially modified by generative AI rather than captured directly from the physical world.
- AI Content Detection (ai-security, № 026): Tools and techniques that estimate whether a piece of text, image, audio, or video was produced by an AI model rather than a human.