Aggregator
CVE-2025-64767 | dajiaji hpke-js up to 1.7.4 Seal nonce re-use (GHSA-73g8-5h73-26h4 / EUVD-2025-198319)
CVE-2025-13470 | Ribose RNP 0.18.0 stream-write.cpp encrypted_build_skesk random values (EUVD-2025-198494 / Nessus ID 276578)
CVE-2025-62609 | ml-explore mlx up to 0.29.3 GGUF File Parser mlx::core::load_gguf null pointer dereference (GHSA-j842-xgm4-wf88 / EUVD-2025-198500)
CVE-2025-30201 | Wazuh up to 4.12.x UNC Path file inclusion (GHSA-x697-jf34-gp5x / EUVD-2025-198509)
Hack the Hackers: 6 Laws for Staying Ahead of the Attackers
CVE-2025-62608 | ml-explore mlx up to 0.29.3 mlx::core::load heap-based overflow (GHSA-w6vg-jg77-2qg6 / EUVD-2025-198501)
NDSS 2025 – THEMIS: Regulating Textual Inversion For Personalized Concept Censorship
SESSION
Session 3D: AI Safety
-----------
Authors, Creators & Presenters: Yutong Wu (Nanyang Technological University), Jie Zhang (Centre for Frontier AI Research, Agency for Science, Technology and Research (A*STAR), Singapore), Florian Kerschbaum (University of Waterloo), Tianwei Zhang (Nanyang Technological University)
-----------
PAPER
THEMIS: Regulating Textual Inversion for Personalized Concept Censorship
Personalization has become a crucial demand in the Generative AI technology. As the pre-trained generative model (e.g., stable diffusion) has fixed and limited capability, it is desirable for users to customize the model to generate output with new or specific concepts. Fine-tuning the pre-trained model is not a promising solution, due to its high requirements of computation resources and data. Instead, the emerging personalization approaches make it feasible to augment the generative model in a lightweight manner. However, this also induces severe threats if such advanced techniques are misused by malicious users, such as spreading fake news or defaming individual reputations. Thus, it is necessary to regulate personalization models (i.e., achieve concept censorship) for their development and advancement. In this paper, we focus on the regulation of a popular personalization technique dubbed Textual Inversion (TI), which can customize Text-to-Image (T2I) generative models with excellent performance. TI crafts the word embedding that contains detailed information about a specific object. Users can easily add the word embedding to their local T2I model, like the public Stable Diffusion (SD) model, to generate personalized images. The advent of TI has brought about a new business model, evidenced by the public platforms for sharing and selling word embeddings (e.g., Civitai [1]). Unfortunately, such platforms also allow malicious users to misuse the word embeddings to generate unsafe content, causing damages to the concept owners. We propose THEMIS to achieve the personalized concept censorship. Its key idea is to leverage the backdoor technique for good by injecting positive backdoors into the TI embeddings. Briefly, the concept owner selects some sensitive words as triggers during the training of TI, which will be censored for normal use.
In the subsequent generation stage, if a malicious user combines the sensitive words with the personalized embeddings as final prompts, the T2I model will output a pre-defined target image rather than images including the desired malicious content. To demonstrate the effectiveness of THEMIS, we conduct extensive experiments on the TI embeddings with Latent Diffusion and Stable Diffusion, two prevailing open-sourced T2I models. The results demonstrate that THEMIS is capable of preventing Textual Inversion from cooperating with sensitive words meanwhile guaranteeing its pristine utility. Furthermore, THEMIS is general to different uses of sensitive words, including different locations, synonyms, and combinations of sensitive words. It can also resist different types of potential and adaptive attacks. Ablation studies are also conducted to verify our design.
-----------
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
##################
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators’, Authors’ and Presenters’ superb NDSS Symposium 2025 Conference content on the Organization’s YouTube Channel.
The post NDSS 2025 – THEMIS: Regulating Textual Inversion For Personalized Concept Censorship appeared first on Security Boulevard.
Nvidia confirms October Windows updates cause gaming issues
Phishing Breaks More Defenses Than Ever. Here’s the Fix
If your tools say a link is clean, do you fully trust it? Most SOC leaders don’t anymore, and for good reason. Phishing has become polished, quiet, and built to blend into everyday traffic. It slips through filters, lands in inboxes unnoticed, and only reveals its intent after a user interacts. By the time the real behavior appears, your defenses have […]
The post Phishing Breaks More Defenses Than Ever. Here’s the Fix appeared first on Cyber Security News.
This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts
Leading off our news on scams this week, a heads-up for DoorDash users, merchants, and Dashers too. A data breach...
The post This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts appeared first on McAfee Blog.
AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload
A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have demonstrated sophisticated knowledge of mobile security vulnerabilities, combining multiple evasion strategies […]
The post AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload appeared first on Cyber Security News.
More on Rewiring Democracy
It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good.
Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41.
We need more reviews—six on Amazon is not enough, and no one has yet posted a viral TikTok review. One review was published in Nature and another on the RSA Conference website, but more would be better. If you’ve read the book, please leave a review somewhere.
My coauthor and I have been doing all sorts of book events, both online and in person. This ...
The post More on Rewiring Democracy appeared first on Security Boulevard.
Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers
Xillen Stealer, a sophisticated Python-based information stealer, has emerged as a significant threat in the cybercriminal landscape. Originally identified by Cyfirma in September 2025, this cross-platform malware has recently evolved into versions 4 and 5, introducing a dangerous arsenal of features designed to steal sensitive credentials, cryptocurrency wallets, and system information while evading modern security […]
The post Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers appeared first on Cyber Security News.
The "Elephant" Is Back in Action: Why Version 8.5 Is Worth Installing Even If You Are a PHP Hater
Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education
The dark web has transformed into a functioning parallel labor market where cyber specialists find employment through unconventional channels. Unlike traditional job boards, this shadow economy operates with distinct recruitment norms and salary expectations that differ significantly from legitimate hiring practices. A comprehensive analysis of 2,225 job-related posts collected from dark web forums between January […]
The post Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education appeared first on Cyber Security News.
Local law enforcement agencies in Oklahoma, Massachusetts responding to cyber incidents
Alleged Sale of Mexico Government Workers Data
A Father and Son Broke a World Record in Their Garage. Their Homemade Quadcopter Flies at 580 km/h, Faster Than Any Ferrari
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide
Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus groups are working together to steal sensitive intelligence and cryptocurrencies through a systematic approach that combines social engineering with zero-day exploitation. This partnership represents a major shift in how state-sponsored […]
The post North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide appeared first on Cyber Security News.