Challenge: Multimodal Large Language Models (MLLMs) are increasingly being deployed as content moderators . however, they exploit the Human-AI capability gap and create adversarial environments . smuggling attacks exploit the human-AI gap and exploit the vulnerability .
Approach: They construct a benchmark to evaluate the vulnerability of MLLMs as content moderators . they identify three root causes: limited capabilities of vision encoders, robustness gap in OCR .
Outcome: The proposed model exploits the Human-AI capability gap and is vulnerable to smuggling attacks.

Similar Papers

From LLMs to MLLMs: Exploring the Landscape of Multimodal Jailbreaking (2024.emnlp-main)

Copied to clipboard

Challenge: Recent advances in Large Language Models (LLMs) have demonstrated remarkable performance across various tasks, effectively following instructions to meet diverse user needs.
Approach: They propose a framework for evaluation benchmarks and attack techniques for LLMs and MLLMs to enhance their security.
Outcome: The proposed frameworks have been exploited to exploit the weaknesses of LLMs and MLLMs.
MLLM-Protector: Ensuring MLLM’s Safety without Hurting Performance (2024.emnlp-main)

Copied to clipboard

Challenge: MLLMs are deployed on limited image-text pairs, which makes them more vulnerable to catastrophic forgetting of their original abilities during safety fine-tuning.
Approach: They propose a plug-and-play strategy that detects harmful visual inputs and transforms harmful ones into harmless ones.
Outcome: The proposed approach mitigates the risks posed by malicious visual inputs without compromising the original performance of MLLMs.
\mathsf{Con Instruction}: Universal Jailbreaking of Multimodal Large Language Models via Non-Textual Modalities (2025.acl-long)

Copied to clipboard

Challenge: Existing attacks communicate instruction through text, accompanied by a toxic image or audio . a novel gray-box attack method generates adversarial images or audio to convey harmful instructions to MLLMs .
Approach: They propose a gray-box attack method that generates adversarial images or audio to convey specific harmful instructions to MLLMs by following non-textual instruction.
Outcome: The proposed method achieves highest success rates on visual and audio-language models . larger models are more susceptible toCon Instruction, compared to their underlying models - the results will be released .
SafeSteer: A Decoding-level Defense Mechanism for Multimodal Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing defense methods rely on fine-tuning or inefficient post-hoc interventions, limiting their ability to address novel attacks.
Approach: They propose a decoding-level defense mechanism that employs a lightweight discriminator to iteratively steer the decoding process toward safety.
Outcome: The proposed method improves safety performance by up to 33.40% without fine-tuning on multiple MLLMs.
RMLM: A Flexible Defense Framework for Proactively Mitigating Word-level Adversarial Attacks (2023.acl-long)

Copied to clipboard

Challenge: Existing defenses focus on improving robustness of the victim model in training, but neglect to mitigate adversarial attacks during inference.
Approach: They propose a framework that confuses attackers and corrects adversarial contexts . their framework helps improve the robustness of the victim model during inference .
Outcome: The proposed framework improves the robustness of the victim model in training . it also corrects abnormal contexts in the representation level and filtering out examples .
GAMBIT: A Gamified Jailbreak Framework for Multimodal Large Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing attacks focus on increasing the complexity of the modified visual task and do not explicitly leverage the model’s own reasoning incentives.
Approach: They propose a framework that decomposes and reassembles harmful visual semantics and constructs a gamified scene that drives the model to explore, reconstruct intent and answer as part of winning the game.
Outcome: Experiments on reasoning and non-reasoning MLLMs show that the proposed framework outperforms baseline models on both vision and text.
FC-Attack: Jailbreaking Multimodal Large Language Models via Auto-Generated Flowcharts (2025.findings-emnlp)

Copied to clipboard

Challenge: Recent research shows that multimodal large language models are vulnerable to jailbreak attacks .
Approach: They propose a jailbreak attack method based on auto-generated flowcharts . the flowchartings are then combined with a benign textual prompt to execute the attack .
Outcome: The proposed method achieves an attack success rate of up to 96% via images and 78% via videos across multiple MLLMs.
Vulnerabilities of Large Language Models to Adversarial Attacks (2024.acl-tutorials)

Copied to clipboard

Challenge: This tutorial focuses on the vulnerabilities of Large Language Models to adversarial attacks . the tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity .
Approach: This tutorial lays the foundation by explaining safety-aligned LLMs and concepts in cybersecurity.
Outcome: The tutorial lays the foundation by explaining safety-aligned models and concepts in cybersecurity.
Humanizing Machine-Generated Content: Evading AI-Text Detection through Adversarial Attack (2024.lrec-main)

Copied to clipboard

Challenge: Despite the development of large language models, there are still significant challenges in detecting whether text is generated by a machine.
Approach: They propose a framework for a broader class of adversarial attacks to perform minor perturbations in machine-generated content to evade detection.
Outcome: The proposed framework can be compromised in as little as 10 seconds, and improves over iterative adversarial learning.
Shadow-Activated Backdoor Attacks on Multimodal Large Language Models (2025.findings-acl)

Copied to clipboard

Challenge: Existing backdoor attacks on Multimodal Large Language Models are less applicable to open-ended conversations with users.
Approach: They propose a shadow-activated backdoor attack scenario where attackers inject malicious content into the responses of MLLMs when the responses explicitly relate to the shadowed object.
Outcome: The proposed framework achieves the desired behaviors by constructing a poisoned dataset and implementing an attention-regularized tuning strategy.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations