Challenge: Recent research shows that multimodal large language models are vulnerable to jailbreak attacks .
Approach: They propose a jailbreak attack method based on auto-generated flowcharts . the flowchartings are then combined with a benign textual prompt to execute the attack .
Outcome: The proposed method achieves an attack success rate of up to 96% via images and 78% via videos across multiple MLLMs.

Similar Papers

From LLMs to MLLMs: Exploring the Landscape of Multimodal Jailbreaking (2024.emnlp-main)

Copied to clipboard

Challenge: Recent advances in Large Language Models (LLMs) have demonstrated remarkable performance across various tasks, effectively following instructions to meet diverse user needs.
Approach: They propose a framework for evaluation benchmarks and attack techniques for LLMs and MLLMs to enhance their security.
Outcome: The proposed frameworks have been exploited to exploit the weaknesses of LLMs and MLLMs.
Jailbreaking Multimodal Large Language Models using Multi-Clip Video (2026.acl-long)

Copied to clipboard

Challenge: Existing studies show that video inputs can bypass safety alignment, yet it remains unclear which properties of video input induce this vulnerability.
Approach: They propose a simple image-based defense that mitigates the vulnerability of MLLMs by analyzing video inputs.
Outcome: The proposed defense leverages the relative robustness of the image modality.
Reference Attack: A New Cross-Modal Jailbreaking Attack against Multimodal Large Language Models (2026.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have raised significant safety concerns about generated content, drawing attention from both academia and industry.
Approach: They propose a reference-guided cross-modal jailbreak method that enhances existing prompt-to-image injection attacks by exploiting MLLMs’ semantic reconstruction capabilities.
Outcome: The proposed method achieves an attack success rate of over 93% on leading MLLMs including ChatGPT, Gemini, Claude, and the widely used open-source LLaMA model.
MLLM-Protector: Ensuring MLLM’s Safety without Hurting Performance (2024.emnlp-main)

Copied to clipboard

Challenge: MLLMs are deployed on limited image-text pairs, which makes them more vulnerable to catastrophic forgetting of their original abilities during safety fine-tuning.
Approach: They propose a plug-and-play strategy that detects harmful visual inputs and transforms harmful ones into harmless ones.
Outcome: The proposed approach mitigates the risks posed by malicious visual inputs without compromising the original performance of MLLMs.
A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models (2024.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated capabilities for generating content that could be deemed harmful.
Approach: They conduct a comprehensive analysis of existing studies on jailbreaking LLMs and their defense techniques.
Outcome: The proposed techniques underperform existing white-box attacks and include special tokens significantly affects the likelihood of successful attacks.
GAMBIT: A Gamified Jailbreak Framework for Multimodal Large Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing attacks focus on increasing the complexity of the modified visual task and do not explicitly leverage the model’s own reasoning incentives.
Approach: They propose a framework that decomposes and reassembles harmful visual semantics and constructs a gamified scene that drives the model to explore, reconstruct intent and answer as part of winning the game.
Outcome: Experiments on reasoning and non-reasoning MLLMs show that the proposed framework outperforms baseline models on both vision and text.
Visual Contextual Attack: Jailbreaking MLLMs with Image-Driven Context Injection (2025.emnlp-main)

Copied to clipboard

Challenge: Recent studies have shown that visual encoders can induce harmful behavior in multimodal large language models.
Approach: They propose a vision-centric jailbreak attack that uses visual information to create a jailbreak context.
Outcome: The proposed attack outperforms baseline attacks on MM-SafetyBench and GPT-4o.
Jailbreak Large Vision-Language Models Through Multi-Modal Linkage (2025.acl-long)

Copied to clipboard

Challenge: Existing methods to jailbreak large vision-language models fail against cutting-edge models such as GPT-4o, despite having undergone safety alignment training.
Approach: They propose a new framework for jailbreaking large vision-language models that uses an encryption-decryption process to mitigate the over-exposure of harmful information.
Outcome: The proposed framework jailbreaks GPT-4o with 99.40% success rates on SafeBench, 98.81% on MM-SafeBench and 99.07% on HADES-Dataset.
\mathsf{Con Instruction}: Universal Jailbreaking of Multimodal Large Language Models via Non-Textual Modalities (2025.acl-long)

Copied to clipboard

Challenge: Existing attacks communicate instruction through text, accompanied by a toxic image or audio . a novel gray-box attack method generates adversarial images or audio to convey harmful instructions to MLLMs .
Approach: They propose a gray-box attack method that generates adversarial images or audio to convey specific harmful instructions to MLLMs by following non-textual instruction.
Outcome: The proposed method achieves highest success rates on visual and audio-language models . larger models are more susceptible toCon Instruction, compared to their underlying models - the results will be released .
Rethinking Jailbreak Detection of Large Vision Language Models with Representational Contrastive Scoring (2026.acl-long)

Copied to clipboard

Challenge: Large Vision-Language Models (LVLMs) are vulnerable to a growing array of multimodal jailbreak attacks, necessitating a generalizable defense that is efficient for practical deployment.
Approach: They propose a framework that uses a lightweight projection to separate benign and malicious inputs in safety-critical layers.
Outcome: The proposed framework enables a simple yet powerful contrastive score that differentiates true malicious intent from mere distribution shift.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations