arXiv: Customization under Fire: Plugin Poisoning in Text-to-Image Ecosystem

A new research paper, titled "Customization under Fire: Plugin Poisoning in Text-to-Image Ecosystem," has been published on arXiv, highlighting a significant security vulnerability in AI-driven text-to-image systems. The study demonstrates how malicious actors can inject poisoned plugins or custom model adapters into these ecosystems, leading to the generation of harmful, biased, or policy-violating content. This is not a regulatory change per se, but a critical emerging risk that falls under the AI_SAFETY framework, as it directly threatens compliance with existing AI safety and content moderation obligations under the EU AI Act and related digital services regulations.

Organizations most affected include developers and deployers of text-to-image generative AI systems, particularly those offering plugin marketplaces or allowing third-party model customization. This spans sectors such as creative software, advertising, e-commerce, and social media platforms. Compliance teams in these sectors must now consider that their supply chain for AI components—specifically plugins and adapters—introduces new vectors for non-compliance, including generation of illegal content, bias amplification, or copyright infringement.

Compliance teams should immediately conduct a risk assessment of their text-to-image ecosystem's plugin and customization pipeline. This includes reviewing existing due diligence processes for third-party plugins, implementing runtime content filtering for generated outputs, and updating incident response plans to account for plugin poisoning attacks. Additionally, teams should document these risks in their AI system risk management files, as required under the EU AI Act, and consider whether these vulnerabilities necessitate a reclassification of their system's risk tier. Proactive engagement with the research community and participation in industry standards for plugin security will also be essential.