Abstract
The inherent semantic symmetry and cross-modal alignment between textual prompts and generated images have fueled the success of text-to-image (T2I) generation. However, this strong correlation also introduces security vulnerabilities, specifically prompt stealing attacks, in which valuable prompts are reverse-engineered from generated images. In this paper, we address the challenge of information asymmetry in black-box attack scenarios and propose PromptTrace, a fine-grained prompt stealing framework based on Contrastive Language-Image Pre-training (CLIP)-guided beam search. Unlike existing methods that rely on single-stage generation, PromptTrace structurally decomposes prompt reconstruction into subject generation, modifier extraction, and iterative search optimization to effectively restore the visual-textual correspondence. By leveraging a CLIP-guided beam search strategy, our method progressively refines candidate prompts using image-text similarity feedback, ensuring that the stolen prompt achieves high fidelity in both semantic intent and stylistic representation. Extensive evaluations across multiple datasets and T2I models demonstrate that PromptTrace outperforms existing methods, highlighting the feasibility of exploiting cross-modal symmetry for attacks and underscoring the urgent need for defense mechanisms in the T2I ecosystem.
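The beam-search component described above can be illustrated with a minimal sketch. The abstract does not specify the actual algorithm details, so everything here is an assumption: prompts are grown by appending candidate modifiers to a subject phrase, and a scoring callback (standing in for CLIP image-text similarity against the target image) ranks the beams at each step.

```python
from typing import Callable, List, Tuple


def beam_search(
    seeds: List[str],                # candidate subject phrases (assumed input)
    modifiers: List[str],            # candidate modifiers to append (assumed input)
    score: Callable[[str], float],   # stand-in for CLIP image-text similarity
    beam_width: int = 3,
    max_steps: int = 4,
) -> str:
    """Iteratively extend prompts with modifiers, keeping the top-scoring beams."""
    # Initialize beams from the subject candidates.
    beams: List[Tuple[float, str]] = sorted(
        ((score(s), s) for s in seeds), reverse=True
    )[:beam_width]
    for _ in range(max_steps):
        expanded: List[Tuple[float, str]] = []
        for _, prompt in beams:
            for mod in modifiers:
                if mod in prompt:          # skip modifiers already present
                    continue
                candidate = f"{prompt}, {mod}"
                expanded.append((score(candidate), candidate))
        if not expanded:                   # all beams fully extended
            break
        expanded.sort(reverse=True)
        beams = expanded[:beam_width]      # prune to the beam width
    return max(beams)[1]                   # best-scoring prompt found
```

In a real attack the `score` callback would embed the target image and each candidate prompt with a CLIP model and return their cosine similarity; the toy scorer used for testing below simply counts keyword overlap.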