麻省理工学院的新方法可在不生成内容的情况下识别基于 CASM 训练的 AI 模型
MIT's New Method Flags AI Models Trained on CASM Without Generating It

原始链接: https://insideai.news/news/ai-safety/mits-new-method-flags-ai-models-trained-on-child-abuse-imagery-without-generating-it/3869/

麻省理工学院的研究人员开发出一种突破性的审计方法——“高斯探测”(Gaussian probing)。该方法无需生成任何图像,即可识别出经过微调以生成儿童性虐待材料(CSAM)的 AI 模型。 此前,安全测试面临一个“法律悖论”:验证模型是否具有危险性需要生成非法内容,而这一过程既耗费人力,又会对人工审核员造成心理伤害。这种与非营利组织 Thorn 合作开发的新方法完全绕过了输出生成环节。相反,它通过分析模型的内部适配(具体为 LoRA 适配器)来创建模型能力的“指纹”。 在测试中,该方法在识别 CSAM 微调模型方面的准确率达到了 100%。由于它计算效率高且无需生成图像,该技术可以集成到像 Hugging Face 这样的开源模型存储库中,从而在有害适配扩散之前自动进行筛选和拦截。 随着人工智能生成的 CSAM 报告激增,该工具为平台执行安全规范提供了一种关键、可扩展且符合法律要求的机制。虽然它不能解决所有与 AI 相关的安全问题,但这标志着在减少滥用性 AI 内容扩散方面迈出了重要且积极的一步。

Sorry.
相关文章

原文

July 13, 2026, (Inside AI) — A new auditing method developed by MIT researchers can determine whether an AI model has been fine-tuned to generate child sexual abuse material (CSAM) without ever producing an image, sidestepping the legal and ethical barriers that have stymied safety checks.

Led by graduate student Vinith Suriyakumar and associate professors Ashia Wilson and Marzyeh Ghassemi, the team collaborated with child safety nonprofit Thorn to create a technique that inspects a model’s internal adaptations rather than its outputs. The approach, detailed in a paper presented at the International Conference on Machine Learning, achieved 100% accuracy in identifying models specialized for CSAM generation.

The breakthrough comes as reports of AI-generated CSAM skyrocket. The National Center for Missing and Exploited Children fielded over 1.5 million such reports in 2025, up from just 67,000 in 2024. Open-source generative AI models, easily fine-tuned using methods like low-rank adaptation (LoRA), have enabled bad actors to create hyper-realistic abusive imagery at scale.

“This unlocks a new avenue for platforms that host open-source models and for law enforcement to actually test whether a model is capable of generating CSAM. Before, we had no way of measuring this. It was a huge blind spot that some people were taking advantage of. Now, we can address an AI safety problem that is having severe negative impacts,” Suriyakumar said.

Why Output-Based Audits Failed

Traditional safety testing involves prompting a model and examining its responses. But generating CSAM, even for testing, is illegal in the U.S. and many other jurisdictions. This created a paradox: auditors couldn’t verify if a model was dangerous without committing a crime. Manual checks also don’t scale to the thousands of model variants uploaded monthly, and exposing human reviewers to such content carries psychological risks.

The MIT-Thorn team bypassed generation entirely. Their method, called Gaussian probing, feeds random data points into a model and analyzes how its internal representations shift due to LoRA adaptors—the lightweight add-ons that specialize a base model. By capturing these shifts at multiple layers and averaging them, the probe creates a fingerprint of the adaptation’s purpose.

“We never run the model all the way to the end or prompt the model, so we never generate images,” Suriyakumar explained. The technique proved robust: when tested on variations of three model types, it correctly flagged CSAM-tuned versions every time, even distinguishing them from models fine-tuned for other harmful but non-CSAM content.

A Scalable Shield for Hosting Platforms

Because Gaussian probing requires no image generation and minimal computation, it can be integrated into model-hosting platforms like Hugging Face or Civitai to automatically screen uploads. This could stop dangerous models before they spread, addressing a gap that has allowed illicit LoRA adaptors to proliferate on public repositories.

The approach also resists evasion better than output filters. A malicious actor would need to fundamentally alter the base model’s architecture to hide the telltale adaptations, a far higher bar than simply tweaking prompts. “There is a huge bucket of child safety concerns with AI, and these are real concerns that need to be addressed. A lot of children are being harmed by AI deepfakes. We’ve shown that Gaussian probing can be a very useful tool, and we hope the research community really pours more attention into this problem,” Wilson said.

The research, supported in part by the Bridgewater AIA Labs Research Fellowship, also involved Lena Stempfle, an MIT postdoc, and collaborators from Boston University and Thorn. The team plans to test the method on a broader range of models and explore whether it can detect harmful capabilities in base models before any fine-tuning occurs—a preemptive strike against misuse.

While the technique marks a significant step, experts caution that it addresses only one vector of AI-generated CSAM. Models trained from scratch on abusive datasets or those using other adaptation methods may still evade detection. Nonetheless, for the open-source ecosystem where LoRA has become the de facto customization tool, Gaussian probing offers a pragmatic, legally sound solution.

“Now we have a technological approach to partially address this concern. So much effort was poured into this collaboration, which enabled us to tackle a really hard problem that is harming so many children, nationally and around the world. Hopefully, we can have a transformative impact in this area,” Ghassemi said.

联系我们 contact @ memedata.com