Glaze is a defensive tool described in a paper first posted to arXiv on February 8, 2023, by Shawn Shan, Jenna Cryan, Emily Wenger, Haitao Zheng, Rana Hanocka, and Ben Y. Zhao of the University of Chicago. It responds to a specific harm of text-to-image models: an outsider can fine-tune a model on a handful of an artist’s pieces and then generate unlimited new images “in the style of” that artist, without consent or payment.
The method applies what the authors call “style cloaks” - barely perceptible perturbations added to an image before the artist posts it online. To a human the picture looks unchanged, but when a model trains on cloaked images it learns a shifted, wrong version of the style, so prompts asking for that artist’s look produce mismatched results. The paper reports disruption rates above 92 percent under normal conditions and above 85 percent even against adaptive countermeasures at a low perturbation level, and it was validated with a user study of more than 1,000 working artists. The work won a Distinguished Paper Award at USENIX Security 2023.
Glaze borrows directly from adversarial-example research, repurposing a technique normally used to attack classifiers into a shield for creators. It does not remove already-trained styles or stop a determined attacker forever; it raises the cost and buys artists time.
Why business readers should care: Glaze was one of the first concrete, downloadable answers to “what can a creator actually do?” in the training-data fight, and it framed the issue as an arms race rather than a one-time fix - a framing that now shapes how companies think about content protection and consent.