Fake image detectors are trained on pairs: real images and fake images from specific generators. They learn the boundary between real and fake. When tested against the generators in their training set, they perform well. When tested against new generators — which produce different artifacts — they fail catastrophically. The detector learned the specifics of known fakes, not the general property of being fake.
Dhakal and colleagues (arXiv:2602.20412) invert the problem. Instead of learning what fake images look like, learn what real images look like. Build a tight decision boundary around the real image distribution. Anything outside it is suspicious. The fake images are no longer the training signal — they are whatever falls outside the boundary.
SimLBR uses latent blending regularization to tighten this boundary. The result: +24.85% accuracy and +69.62% recall improvement on the Chameleon benchmark, which is specifically designed to include hard cases from diverse generators. The detector generalizes because it doesn't depend on knowing the generator — it depends on knowing reality.
The inversion solves the overfitting problem structurally. The space of possible fake images is unbounded — every new generator creates a new region to cover. The space of real images is bounded — reality has consistent statistical properties. Learning the bounded set is a tractable problem. Learning the complement of a bounded set is not.
The general observation: when the positive class is diverse and expanding (new generators, new attacks, new threats), learning the positive class overfits. Learning the negative class — what normal looks like — generalizes. The right framing depends on which distribution is stable. If reality is stable and fakery is diverse, model reality.