Official repository for the research paper "Prompt Pirates Need a Map: Stealing Seeds helps Stealing Prompts (https://arxiv.org/abs/2509.09488)"
This repository contains the research and tools for understanding and demonstrating prompt-stealing attacks against diffusion models. Our work reveals critical vulnerabilities in popular AI image generation frameworks and introduces novel methods for both attack and defense.
- Seed Recovery: Seeds from Stable Diffusion generated images can be uniquely identified from the final images
- Critical Vulnerability: We identified CWE-339 vulnerabilities in major frameworks (AUTOMATIC1111, ComfyUI, Diffusers, etc.), that allow seed recovery
- Prompt Stealing: Using recovered seeds, we developed PromptPirate, a genetic algorithm-based method to steal prompts with high accuracy
- 8-11% Improvement: PromptPirate outperforms state-of-the-art prompt stealing methods by 8-11% in LPIPS similarity
A powerful brute-force attack that exploits the limited seed space (2^32) in PyTorch-based diffusion implementations.
Try it now:
A genetic algorithm-based optimization method that leverages recovered seeds to steal prompts with unprecedented accuracy.
├── 📄 paper.tex # Complete research paper source
├── 📁 SeedSnitch/ # Seed recovery demonstration
│ └── SeedSnitch.ipynb # Interactive Jupyter notebook
└── 📁 PromptPirate/ # Advanced prompt stealing tool
└── (Coming Soon!) # Full implementation
- Read the Paper: arXiv:2509.09488
- Try SeedSnitch:
- Explore the Code: Browse the
SeedSnitch/folder for the demonstration - Wait for PromptPirate: Full implementation coming soon!
@article{machtle2024prompt,
title={Prompt Pirates Need a Map: Stealing Seeds helps Stealing Prompts},
author={M{\"a}chtle, Felix and Shetty, Ashwath and Sander, Jonas and Loose, Nils and Pirk, S{\"o}ren and Eisenbarth, Thomas},
journal={arXiv preprint arXiv:2509.09488},
year={2024}
}