Spaces:
Running on Zero
Running on Zero
| title: SamplingTAR Defense | |
| emoji: 🛡️ | |
| colorFrom: yellow | |
| colorTo: red | |
| sdk: gradio | |
| sdk_version: 6.19.0 | |
| app_file: app.py | |
| short_description: Training-free typographic attack defense for CLIP | |
| python_version: "3.12" | |
| startup_duration_timeout: 30m | |
| # SamplingTAR: Training-free Defense against Typographic Attacks | |
| Interactive demo of the training-free concept localization method from | |
| [Towards Robustness against Typographic Attack with Training-free Concept Localization](https://huggingface.co/papers/2607.02494). | |
| ## How it works | |
| Typographic attacks overlay text on images to fool vision-language models like CLIP | |
| into predicting the text rather than the actual object. SamplingTAR defends against | |
| these attacks **without any training** by: | |
| 1. **Mining text-reading heads** — Randomly-initialised Sparse Autoencoders (SAEs) | |
| probe which attention heads in CLIP's vision transformer localise to text regions. | |
| 2. **Ablating text heads** — At inference, the CLS-token attention from those heads | |
| to text patches is redistributed, neutralising the typographic attack. | |
| ## Usage | |
| 1. Upload an image (or use an example). | |
| 2. Enter candidate labels (comma-separated). | |
| 3. Click "Run Defense" to compare undefended vs. defended predictions and view | |
| attention heatmaps. |