Unveiling the Attribute Misbinding Threat in Identity-Preserving Models

Authors

  • Junming Fu School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University
  • Jishen Zeng Alibaba Group
  • Yi Jiang School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University
  • Peiyu Zhuang School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University
  • Baoying Chen Alibaba Group
  • Siyu Lu School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University
  • Jianquan Yang School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University Shenzhen Institute of Advanced Technology

DOI:

https://doi.org/10.1609/aaai.v40i1.36989

Abstract

Identity-preserving models have led to notable progress in generating personalized content. Unfortunately, such models also exacerbate risks when misused, for instance, by generating threatening content targeting specific individuals. This paper introduces the Attribute Misbinding Attack, a novel method that poses a threat to identity-preserving models by inducing them to produce Not-Safe-For-Work (NSFW) content. The attack's core idea involves crafting benign-looking textual prompts to circumvent text-filter safeguards and leverage a key model vulnerability: flawed attribute binding that stems from its internal attention bias. This results in misattributing harmful descriptions to a target identity and generating NSFW outputs. To facilitate the study of this attack, we present the Misbinding Prompt evaluation set, which examines the content generation risks of current state-of-the-art identity-preserving models across four risk dimensions: pornography, violence, discrimination, and illegality. Additionally, we introduce the Attribute Binding Safety Score (ABSS), a metric for concurrently assessing both content fidelity and safety compliance. Experimental results show that our Misbinding Prompt evaluation set achieves a 5.28 % higher success rate in bypassing five leading text filters (including GPT-4o) compared to existing main-stream evaluation sets, while also demonstrating the highest proportion of NSFW content generation. The proposed ABSS metric enables a more comprehensive evaluation of identity-preserving models by concurrently assessing both content fidelity and safety compliance.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Fu, J., Zeng, J., Jiang, Y., Zhuang, P., Chen, B., Lu, S., & Yang, J. (2026). Unveiling the Attribute Misbinding Threat in Identity-Preserving Models. Proceedings of the AAAI Conference on Artificial Intelligence, 40(1), 283–291. https://doi.org/10.1609/aaai.v40i1.36989

Issue

Vol. 40 No. 1: AAAI-26 Technical Tracks 1

Section

AAAI Technical Track on Application Domains I