BridgePure: Revealing the Fragility of Black-box Data Protection

📅 2024-12-30
🤖 AI Summary
Existing black-box data protection tools are vulnerable to practical usability attacks when even a small amount of in-distribution unprotected data is available, exposing an inherent security weakness. This work presents the first systematic analysis of this vulnerability and introduces BridgePure, a diffusion-based bridging model that learns to invert protection without access to the protection algorithm’s internals, requiring only query-based (original/protected) sample pairs for training. BridgePure integrates adversarial querying strategies with end-to-end in-distribution mapping modeling to efficiently “de-protect” arbitrary new inputs. Evaluated on classification and style transfer tasks, BridgePure significantly outperforms state-of-the-art inversion methods, achieving high-fidelity reconstruction of both semantic content and visual features. Empirical results demonstrate that widely adopted black-box protection tools suffer from critical defense failures under realistic threat models.

📝 Abstract
Availability attacks, or unlearnable examples, are defensive techniques that allow data owners to modify their datasets in ways that prevent unauthorized machine learning models from learning effectively while maintaining the data's intended functionality. This has led to the release of popular black-box tools that let users upload personal data and receive protected counterparts. In this work, we show that such black-box protections can be substantially bypassed if a small set of unprotected in-distribution data is available. Specifically, an adversary can (1) easily acquire (unprotected, protected) pairs by querying the black-box protections with the unprotected dataset; and (2) train a diffusion bridge model to build a mapping. This mapping, termed BridgePure, can effectively remove the protection from any previously unseen data within the same distribution. Under this threat model, our method demonstrates superior purification performance on classification and style mimicry tasks, exposing critical vulnerabilities in black-box data protection.

Problem

Research questions and friction points this paper is trying to address.

Data Protection
Availability Attacks
Black-box Vulnerability

Innovation

Methods, ideas, or system contributions that make the work stand out.

BridgePure Model
Data Protection Vulnerability
Black-box Data Protection