Challenge: Text-based image generation models, such as Stable Diffusion and DALL-E 3, hold significant potential in content creation and publishing workflows . however, considerable efforts are being made to prevent the generation of harmful content, such abusive, violent, or pornographic material.
Approach: They propose a chain-of-jailbreak method which decomposes malicious queries into multiple sub-queries and iteratively edits images based on these sub-questions.
Outcome: The proposed method can bypass safeguards of image generation models for over 60% cases, significantly outperforms other jailbreaking methods (14%)

Similar Papers

Jailbreaking Prompt Attack: A Controllable Adversarial Attack against Diffusion Models (2025.findings-naacl)

Copied to clipboard

Challenge: Text-to-image (T2I) models can be used to generate harmful content such as sexually explicit, unfaithful, and misleading or Not-Safe-for-Work (NSFW) images.
Approach: They propose a more practical and universal attack that does not require the presence of a target model.
Outcome: The proposed attack bypasses both text and image safety checkers while preserving high semantic alignment with the target prompt.
Multimodal Pragmatic Jailbreak on Text-to-image Models (2025.acl-long)

Copied to clipboard

Challenge: Existing jailbreaks for diffusion-based text-to-image models generate unsafe content . experimental results show that all tested models suffer from unsafe generation .
Approach: They propose a jailbreak that triggers diffusion-based text-to-image models to generate the image with visual text, resulting in unsafe content.
Outcome: The proposed model generates image with visual text, but the model is unsafe under such jailbreak.
Jailbreaking Safeguarded Text-to-Image Models via Large Language Models (2026.findings-eacl)

Copied to clipboard

Challenge: Text-to-image models generate harmful content when unsafe prompts are submitted . authors propose a method to jailbreak text-to image models with safety guardrails .
Approach: They propose a method to jailbreak text-to-image models with safety guardrails . they use a fine-tuned large language model to generate adversarial prompts based on unsafe prompts.
Outcome: The proposed method bypasses safety guardrails and outperforms existing no-box attacks . the proposed method generates adversarial prompts efficiently after fine-tuning the model .
Activation-Guided Local Editing for Jailbreaking Attacks (2026.acl-long)

Copied to clipboard

Challenge: Existing methods for jailbreaking Large Language Models (LLMs) are limited and produce incoherent or unreadable inputs.
Approach: They propose a two-stage framework that performs a one-shot, scenario-based generation of context and rephrases the original malicious query to obscure its harmful intent.
Outcome: The proposed framework achieves state-of-the-art Attack Success Rate, with gains of up to 37.74% over the strongest baseline, and excellent transferability to black-box and large-scale models.
SequentialBreak: Large Language Models Can be Fooled by Embedding Jailbreak Prompts into Sequential Prompt Chains (2025.acl-srw)

Copied to clipboard

Challenge: SequentialBreak enables LLMs to bypass safety mechanisms by arranging malicious prompts in a single query.
Approach: They propose a single-query jailbreak technique that arranges multiple benign prompts in sequence with a hidden malicious instruction among them to bypass safety mechanisms.
Outcome: The proposed technique outperforms baselines on open-source and closed-source models.
A Wolf in Sheep’s Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily (2024.naacl-long)

Copied to clipboard

Challenge: Existing methods for generating 'jailbreaks' suffer from manual design or require optimization on other white-box models, which compromises either generalization or efficiency.
Approach: They propose a framework that leverages LLMs to generate effective jailbreak prompts and a generalized framework that can be used to generate prompts.
Outcome: The proposed framework improves the attack success rate while reducing the time cost compared to baselines.
Beyond the Safety Tax: Mitigating Unsafe Text-to-Image Generation via External Safety Rectification (2026.findings-acl)

Copied to clipboard

Challenge: Existing safety defenses typically intervene internally within the generative model, but suffer from severe concept entanglement, leading to degradation of benign generation quality.
Approach: They propose a structurally isolated safety module that performs external, interpretable rectification without modifying the base model.
Outcome: The proposed module performs external, interpretable rectification without modifying the base model.
A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated capabilities for generating content that could be deemed harmful.
Approach: They conduct a comprehensive analysis of existing studies on jailbreaking LLMs and their defense techniques.
Outcome: The proposed techniques underperform existing white-box attacks and include special tokens significantly affects the likelihood of successful attacks.
FC-Attack: Jailbreaking Multimodal Large Language Models via Auto-Generated Flowcharts (2025.findings-emnlp)

Copied to clipboard

Challenge: Recent research shows that multimodal large language models are vulnerable to jailbreak attacks .
Approach: They propose a jailbreak attack method based on auto-generated flowcharts . the flowchartings are then combined with a benign textual prompt to execute the attack .
Outcome: The proposed method achieves an attack success rate of up to 96% via images and 78% via videos across multiple MLLMs.
How Jailbreak Defenses Work and Ensemble? A Mechanistic Investigation (2025.findings-emnlp)

Copied to clipboard

Challenge: Jailbreak attacks, where harmful prompts bypass generative models’ built-in safety, raise serious concerns about model vulnerability.
Approach: They propose to reframe the standard generation task as a binary classification problem to assess model refusal tendencies for both harmful and benign queries.
Outcome: The proposed defenses improve model safety or optimize the trade-off between safety and helpfulness.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations