DiffMI: Breaking Face Recognition Privacy via Diffusion-Driven Training-Free Model Inversion

ArXi:2504.18015v4 Announce Type: replace-cross Face recognition poses serious privacy risks due to its reliance on sensitive and immutable biometric data. While modern systems mitigate privacy risks by mapping facial images to embeddings (commonly regarded as privacy-preserving), model inversion attacks reveal that identity information can still be recovered, exposing critical vulnerabilities. However, existing attacks are often computationally expensive and lack generalization, especially those requiring target-specific