A practical guide to shielding your art from AI training — 7 data poisoning and opt-out tools, how each works, and the honest limits of what they can do.

Stop AI From Training on Your Art: A Practical Guide to 7 Tools That Shield Your Work in 2026

Your art going up online used to be the whole point. Now it carries a second, quieter cost: the moment an image is public and indexable, it can be swept into a training set for an AI image model without your name, your consent, or a cent in your pocket. Together, the two best-known defense tools have been downloaded close to nine million times — a rough measure of how many artists feel that tension.

The good news is that you have real options, and several are free. The honest news, which most guides skip, is that none of them is a force field. Some confuse the machine, some ask companies to leave your work alone, and a 2025 research result showed that the strongest poisoning tools can be detected and partly stripped. This guide walks through 7 tools that do meaningful work today — what each one actually does, who made it, and where it falls short — so you can stack them with clear eyes instead of false confidence.

Two Different Jobs: Poisoning vs. Opting Out

Before the list, one distinction makes everything else easier to understand. Protection tools fall into two camps, and they solve different problems.

Data poisoning tools change your image at the pixel level. The edits are subtle to a human eye but disruptive to a model trying to learn from the picture. They work whether or not any company cooperates, because the defense lives inside the file itself. Opt-out tools take the opposite approach: they leave your art untouched and instead register a request — a signal or a database entry — that says "do not train on this." That only works when the company doing the scraping chooses to honor it.

Neither camp is strictly better. Poisoning is active but can be reverse-engineered. Opt-out is clean and reversible but depends on goodwill. Using one from each column is the sensible move, and that is how the seven below are meant to be combined. If some of these terms are new to you, our AI Glossary breaks down concepts like training data and model scraping in everyday terms.

The Data Poisoning Tools

1. Glaze — Style Cloaking

Glaze, developed by a research team at the University of Chicago, targets one specific threat: style mimicry. It applies small, mostly invisible changes that interfere with a model's ability to read your stylistic fingerprint — the brushwork, palette, and line quality that make your work recognizably yours. A model trained on Glazed images has a harder time reproducing "art in your style" on demand. It is free, and there is a downloadable app for Windows and Mac.

2. Nightshade — Active Poisoning

From the same University of Chicago team, Nightshade goes further than defense. Instead of just hiding your style, it corrupts the learning process by teaching the model false associations — an image labeled one way is nudged to be perceived as something else entirely. At scale, enough Nightshaded images in a dataset degrade the model's reliability. It is also free. One practical limit worth knowing: the team notes Nightshade and Glaze cannot currently be applied to the same image at the same time, so you choose the job that matters more for a given piece.

3. WebGlaze — Glaze Without a Powerful GPU

Both Glaze and Nightshade run heavy processing, which means they want a capable graphics card to work at reasonable speed. WebGlaze, also from the Glaze Project team, moves that work to the cloud so artists without strong hardware can still cloak their images through a browser. Access has been invite-based rather than fully open, so it is worth checking the project's current status, but it closes a real gap for anyone on a laptop or older machine.

Honest limitation

In 2025, researchers from the University of Cambridge, TU Darmstadt, and UT San Antonio published a method called LightShed that can detect, reverse-engineer, and remove these poisoning distortions with very high accuracy. The takeaway is not "don't bother" — poisoning still raises the cost and effort for a careless scraper. The takeaway is to treat it as friction, not a guarantee, and to pair it with the opt-out tools below.

The Opt-Out Tools

4. Have I Been Trained — The Do Not Train Registry

Built by Spawning AI, Have I Been Trained lets you search large public datasets to see whether your images were captured, then add them to a "Do Not Train" registry. It became a recognized standard when Stability AI agreed to honor Spawning's opt-outs for a version of Stable Diffusion, and platform partnerships have folded in millions of works. The honest caveat is built into how it functions: it is a request a company can choose to respect or ignore at download time, and it cannot remove your art from a model that was already trained.

5. DeviantArt — Automatic noai Flagging

If you host work on DeviantArt, the platform automatically labels deviations as not authorized for AI datasets, and those opt-outs have historically been passed into Spawning's Do Not Train registry. You can also move older work to storage to pull it from public view. Two things to keep in mind: the flag is a metadata signal that outside parties have to honor, and changing the setting today does nothing about images scraped years ago.

6. ArtStation — Project-Level NoAI Tags

ArtStation supports NoAI tags that you apply to individual projects to signal that the work is off-limits for AI training. The mechanism is the same kind of request as the registry approach — it depends on scrapers and companies respecting ArtStation's terms and the signal. ArtStation does allow AI-generated work under its rules with required tagging, so it is a mixed environment, but the NoAI tag gives you a clear, per-project way to state your position.

7. Cara — A Platform Built Around the Opt-Out

Cara, created by photographer and artist Jingna Zhang, takes a platform-level stance: it does not train AI models on user content and automatically applies NoAI tags to everything posted, so the opt-out is the default instead of a setting you have to find. It grew fast among artists for that reason. The same caveat applies that applies everywhere — public images can still be hit by scrapers that ignore the tags — but starting from "protected by default" is a meaningfully different posture than most platforms offer.

A Simple Way to Stack Them

You do not need all seven on every image. The point is to combine one active defense with one or more opt-out signals, then keep records. Here is a workflow that holds up:

  1. Decide the job per piece: Glaze if you mainly fear style theft, Nightshade if you want to actively degrade training, using WebGlaze if your hardware can't run the desktop apps.
  2. Register the originals with Have I Been Trained and add them to the Do Not Train list.
  3. Host where the opt-out is respected or automatic — Cara by default, or DeviantArt and ArtStation with their NoAI flags applied.
  4. Keep dated original files and screenshots of where each piece was first posted, in case you ever need to show provenance.
Key takeaway

The only protection that always works is the oldest one: if something is public and indexable, assume it can be taken. Everything on this list raises the cost, the effort, or the consent bar — and stacking several is far better than trusting one. But treat them as layered friction, not a lock, and make your sharing decisions accordingly.

What These Tools Can't Do

It would be easy to read a list like this and feel fully covered. You are not, and pretending otherwise does you no favors. Poisoning can be partly reversed by methods like LightShed. Opt-out registries and NoAI tags only bind companies that agree to play along, and the worst actors are exactly the ones who won't. Nothing here retroactively pulls your work out of a model that already trained on it. And these tools address training and style mimicry — they are not a copyright claim or legal protection on their own.

None of that makes them pointless. It makes them a realistic toolkit. Used together, they shift you from defenseless to deliberately harder to exploit, which is a real improvement. The artists getting the most out of this approach are the ones who layer defenses, keep good records, and stay honest with themselves about where the gaps are. For more practical, no-hype guidance on working alongside AI, the Cybnex Labs Help Center is a good next stop.

— Cybnex Labs