Existing semantic watermarking schemes for generative models remain vulnerable under adversarial conditions—particularly against resource-constrained, model-agnostic attacks with zero access to the watermarked model. To address this, we propose a training-free, single-image attack method that jointly optimizes representations in both latent and frequency domains. Our approach projects watermarked images onto natural image priors while simultaneously suppressing watermark signals and preserving visual fidelity. This constitutes the first dual-domain joint optimization framework compatible with diverse watermark encoding schemes, enabling efficient watermark removal under zero-query and low-compute constraints. Experiments demonstrate that our method significantly reduces watermark detectability (average reduction >70%) and achieves superior PSNR and SSIM scores compared to state-of-the-art attacks. These results expose a fundamental security deficiency in current semantic watermarking mechanisms.

The growing use of generative models has intensified the need for watermarking methods that ensure content attribution and provenance. While recent semantic watermarking schemes improve robustness by embedding signals in latent or frequency representations, we show they remain vulnerable even under resource-constrained adversarial settings. We present D2RA, a training-free, single-image attack that removes or weakens watermarks without access to the underlying model. By projecting watermarked images onto natural priors across complementary representations, D2RA suppresses watermark signals while preserving visual fidelity. Experiments across diverse watermarking schemes demonstrate that our approach consistently reduces watermark detectability, revealing fundamental weaknesses in current designs. Our code is available at https://github.com/Pragati-Meshram/DAWN.