Bypassing LLM Watermarks with Color-Aware Substitutions

arXiv:2403.14719v1 Announce Type: new
Abstract: Watermarking approaches are proposed to identify if text being circulated is human or large language model (LLM) generated. The state-of-the-art watermarking strategy of Kirchenbauer et al. (2023a) biases the LLM to generate specific (``green'') tokens. However, determining the robustness of this watermarking method is an open problem. Existing attack methods fail to evade detection for longer text segments. We overcome this limitation, and propose {\em Self Color Testing-based Substitution (SCTS)}, the first ``color-aware'' attack. SCTS …

art arxiv attack aware biases bypassing color cs.cr cs.cv cs.lg generated green human identify language large large language model llm problem robustness state strategy text tokens watermarking watermarks