WATERMARKS IN THE SAND: THE ILLUSION OF RELIABLE ATTRIBUTION IN GENERATIVE AI

Mon, 04/28/2025 - 15:10 — mancini
Date: 
Wednesday, May 21, 2025
Location: 
Aula I, Edificio Caglioti (CU032)
Time: 
4:00 PM - 6:00 PM

Speaker: Prof. Giuseppe Ateniese (https://ateniese.github.io/)

Affiliation: George Mason University

Summary:  Generative AI produces remarkably realistic outputs, complicating efforts to distinguish human creations from synthetic content. A popular response embeds subtle statistical watermarks to certify authenticity. This talk systematically evaluates the fundamental reliability of watermarking, revealing that seemingly robust watermarks can always be removed through incremental, quality-preserving perturbations. Through systematic analysis and clear empirical demonstrations, it becomes evident that robust watermarking—resilient to removal without degrading output quality—is fundamentally unachievable. The results highlight that watermarking is no dependable safeguard, guiding us toward more cautious and realistic approaches to digital provenance.
This is based on a paper that was presented at ICML 2024 (https://hanlin-zhang.com/impossibility-watermarks/).

Biography: Giuseppe Ateniese is a Professor, Eminent Scholar in Cybersecurity and CCI Faculty Fellow in the Department of Computer Science and the Department of Cyber Security Engineering at George Mason University. He was Farber Endowed Chair in Computer Science and Department Chair at Stevens Institute of Technology. In addition, he was with Sapienza-University of Rome (Italy), Assistant/Associate Professor at Johns Hopkins University (USA), and one of the JHU Information Security Institute founders. He was a researcher at IBM Zurich Research lab (Switzerland) and scientist at the Information Sciences Institute of the University of Southern California (USA). He also briefly worked as visiting professor at Microsoft in Redmond (USA). He received the NSF CAREER Award for his research in privacy and security, and the Google Faculty Research Award, the IBM Faculty Award, and the IEEE CISTC Technical Recognition Award for his research on cloud security. He has contributed to areas such as proxy re-cryptography, anonymous communication, two-party computation, secure storage, and provable data possession. He is currently working on privacy-preserving machine learning and decentralized secure computing based on the blockchain technology.

Registration: No registration is required for this seminar.