Erased but Not Forgotten: How Backdoors Compromise Concept Erasure
Researchers have discovered a critical vulnerability called Erasure Evasion Backdoor (EEB) that allows adversaries to bypass concept erasure methods in text-to-image diffusion models by binding malicious triggers to concepts marked for removal. The backdoor survives the erasure process across six state-of-the-art methods, achieving up to 94% success rates in exposing harmful content, revealing fundamental weaknesses in current AI safety approaches.