DDIM’s deterministic inversion in diffusion models is widely exploited for generating deepfakes; existing defenses (e.g., AdvDM, PhotoGuard) suffer from limited efficacy because their attack objectives misalign with the actual denoising trajectory. Method: We propose the first adversarial perturbation method targeting the *entire* latent trajectory of DDIM inversion—directly optimizing the attack objective along the iterative inversion path to precisely disrupt malicious editing processes. Our approach enforces trajectory consistency constraints to enhance robustness against diverse editing operations (e.g., face swapping, attribute manipulation). Contribution/Results: Experiments demonstrate that our method consistently outperforms state-of-the-art defenses across multiple benchmarks in tampering prevention, achieving superior robustness, generalizability, and fidelity preservation. This work establishes a new paradigm for secure, controllable deployment of diffusion models.

Diffusion models have shown to be strong representation learners, showcasing state-of-the-art performance across multiple domains. Aside from accelerated sampling, DDIM also enables the inversion of real images back to their latent codes. A direct inheriting application of this inversion operation is real image editing, where the inversion yields latent trajectories to be utilized during the synthesis of the edited image. Unfortunately, this practical tool has enabled malicious users to freely synthesize misinformative or deepfake contents with greater ease, which promotes the spread of unethical and abusive, as well as privacy-, and copyright-infringing contents. While defensive algorithms such as AdvDM and Photoguard have been shown to disrupt the diffusion process on these images, the misalignment between their objectives and the iterative denoising trajectory at test time results in weak disruptive performance.In this work, we present the DDIM Inversion Attack (DIA) that attacks the integrated DDIM trajectory path. Our results support the effective disruption, surpassing previous defensive methods across various editing methods. We believe that our frameworks and results can provide practical defense methods against the malicious use of AI for both the industry and the research community. Our code is available here: https://anonymous.4open.science/r/DIA-13419/.