IBM/VillanDiffusion external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

IBM/VillanDiffusion

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/IBM/VillanDiffusion)

Close

IBM / VillanDiffusionView on GitHubMore

• External links
• Readme badge

Code Repo for the NeurIPS 2023 paper "VillanDiffusion: A Unified Backdoor Attack Framework for Diffusion Models"

☆27Sep 18, 2025Updated 5 months ago

Alternatives and similar repositories for VillanDiffusion

Users that are interested in VillanDiffusion are comparing it to the libraries listed below

• JJ-Vice / BAGM

  View on GitHub
  All code and data necessary to replicate experiments in the paper BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Model…
  ☆13Sep 16, 2024Updated last year
• njuaplusplus / Elijah

  View on GitHub
  ☆13May 1, 2024Updated last year
• Robin-WZQ / T2IShield

  View on GitHub
  [ECCV'24] T2IShield: Defending Against Backdoors on Text-to-Image Diffusion Models
  ☆17Dec 21, 2025Updated 2 months ago
• linweiii / BackdoorDM

  View on GitHub
  [NeurIPS 2025 D&B] BackdoorDM: A Comprehensive Benchmark for Backdoor Learning in Diffusion Model
  ☆24Aug 1, 2025Updated 6 months ago
• IBM / BadDiffusion

  View on GitHub
  Official repo to reproduce the paper "How to Backdoor Diffusion Models?" published at CVPR 2023
  ☆96Sep 17, 2025Updated 5 months ago
• Huang-yihao / Personalization-based_backdoor

  View on GitHub
  ☆10Dec 18, 2024Updated last year
• LukasStruppek / Rickrolling-the-Artist

  View on GitHub
  [ICCV 2023] Source code for our paper "Rickrolling the Artist: Injecting Invisible Backdoors into Text-Guided Image Generation Models".
  ☆65Nov 20, 2023Updated 2 years ago
• jiawangbai / BadCLIP

  View on GitHub
  Implementation of BadCLIP https://arxiv.org/pdf/2311.16194.pdf
  ☆23Mar 23, 2024Updated last year
• AntigoneRandy / PTYNet

  View on GitHub
  The official implementation of the paper "Free Fine-tuning: A Plug-and-Play Watermarking Scheme for Deep Neural Networks".
  ☆19Apr 19, 2024Updated last year
• chenweixin107 / TrojDiff

  View on GitHub
  ☆59Nov 24, 2022Updated 3 years ago
• LiangSiyuan21 / BadCLIP

  View on GitHub
  ☆30Sep 3, 2024Updated last year
• zhaisf / BadT2I

  View on GitHub
  [MM'23 Oral] "Text-to-image diffusion models can be easily backdoored through multimodal data poisoning"
  ☆31Aug 14, 2025Updated 6 months ago
• rmin2000 / WaDiff

  View on GitHub
  A Watermark-Conditioned Diffusion Model for IP Protection (ECCV 2024)
  ☆35Apr 5, 2025Updated 10 months ago
• uw-nsl / CleanGen

  View on GitHub
  [EMNLP 24] Official Implementation of CLEANGEN: Mitigating Backdoor Attacks for Generation Tasks in Large Language Models
  ☆19Mar 9, 2025Updated 11 months ago
• haowang02 / EvilEdit

  View on GitHub
  [MM '24] EvilEdit: Backdooring Text-to-Image Diffusion Models in One Second
  ☆28Nov 19, 2024Updated last year
• XuankunRong / BYE

  View on GitHub
  [NeurIPS'25] Backdoor Cleaning without External Guidance in MLLM Fine-tuning
  ☆17Oct 13, 2025Updated 4 months ago
• jiangw-0 / LE_JCDP

  View on GitHub
  Unlearnable Examples Give a False Sense of Security: Piercing through Unexploitable Data with Learnable Examples
  ☆11Oct 14, 2024Updated last year
• haonan3 / ICML-2024-Oral-SilentBadDiffusion

  View on GitHub
  ☆13Nov 22, 2024Updated last year
• Zhang-Henry / INACTIVE

  View on GitHub
  The official implementation of CVPR 2025 paper "Invisible Backdoor Attack against Self-supervised Learning"
  ☆17Jul 5, 2025Updated 7 months ago
• HanxunH / Detect-CLIP-Backdoor-Samples

  View on GitHub
  [ICLR2025] Detecting Backdoor Samples in Contrastive Language Image Pretraining
  ☆19Feb 26, 2025Updated last year
• Megum1 / LOTUS

  View on GitHub
  [CVPR'24] LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
  ☆15Jan 15, 2025Updated last year
• PKU-ML / AdvNotRealFeatures

  View on GitHub
  Official Code for reproductivity of the NeurIPS 2023 paper: Adversarial Examples Are Not Real Features
  ☆16Jun 27, 2024Updated last year
• csdongxian / ANP_backdoor

  View on GitHub
  Codes for NeurIPS 2021 paper "Adversarial Neuron Pruning Purifies Backdoored Deep Models"
  ☆63May 8, 2023Updated 2 years ago
• mathebell / model-watermarking

  View on GitHub
  ☆16Dec 3, 2021Updated 4 years ago
• JWLiang007 / PFF

  View on GitHub
  Official implementation of "Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection" (ICLR 2024)
  ☆18Apr 15, 2024Updated last year
• jinghuichen / AWM

  View on GitHub
  Github repo for One-shot Neural Backdoor Erasing via Adversarial Weight Masking (NeurIPS 2022)
  ☆15Jan 3, 2023Updated 3 years ago
• lthero-big / A-watermark-for-Diffusion-Models

  View on GitHub
  This is an unofficial implementation of the Paper by Kejiang Chen et.al. on Gaussian Shading: Provable Performance-Lossless Image Waterma…
  ☆38Aug 6, 2024Updated last year
• bboylyg / RNP

  View on GitHub
  Reconstructive Neuron Pruning for Backdoor Defense (ICML 2023)
  ☆39Dec 24, 2023Updated 2 years ago
• sycny / ZIP

  View on GitHub
  [NeurIPS2023] Black-box Backdoor Defense via Zero-shot Image Purification
  ☆16Oct 31, 2023Updated 2 years ago
• YiZeng623 / frequency-backdoor

  View on GitHub
  ICCV 2021, We find most existing triggers of backdoor attacks in deep learning contain severe artifacts in the frequency domain. This Rep…
  ☆48Apr 27, 2022Updated 3 years ago
• kong13661 / PIA

  View on GitHub
  Official repo for An Efficient Membership Inference Attack for the Diffusion Model by Proximal Initialization
  ☆16Mar 8, 2024Updated last year
• grasses / PoisonPrompt

  View on GitHub
  Code for paper: PoisonPrompt: Backdoor Attack on Prompt-based Large Language Models, IEEE ICASSP 2024. Demo//124.220.228.133:11107
  ☆20Aug 10, 2024Updated last year
• SJTUHaiyangYu / BackdoorMBTI

  View on GitHub
  BackdoorMBTI is an open source project expanding the unimodal backdoor learning to a multimodal context. We hope that BackdoorMBTI can fa…
  ☆25Aug 17, 2025Updated 6 months ago
• kylemin / WOUAF

  View on GitHub
  WOUAF: Weight Modulation for User Attribution and Fingerprinting in Text-to-Image Diffusion Models (CVPR 2024)
  ☆25Jun 14, 2024Updated last year
• zqypku / mm_poison

  View on GitHub
  ☆21Oct 25, 2023Updated 2 years ago
• senp98 / wdm

  View on GitHub
  The official implementation of "Intellectual Property Protection of Diffusion Models via the Watermark Diffusion Process"
  ☆20Feb 18, 2025Updated last year
• meet-cjli / CTRL

  View on GitHub
  An Embarrassingly Simple Backdoor Attack on Self-supervised Learning
  ☆20Jan 24, 2024Updated 2 years ago
• zaixizhang / CBD

  View on GitHub
  Official Inplementation of CVPR23 paper "Backdoor Defense via Deconfounded Representation Learning"
  ☆25Mar 13, 2023Updated 2 years ago
• ethz-spylab / rlhf-poisoning

  View on GitHub
  Code for paper "Universal Jailbreak Backdoors from Poisoned Human Feedback"
  ☆66Apr 24, 2024Updated last year