Adversarial Attacks on Multimodal Large Language Models: A Comprehensive Survey

Dimensions overall score 3.0

GitHub Code Pulse

No public code linked for this paper yet.

• Multimodal large language models (MLLMs) have an expanded attack surface due to vulnerabilities arising from the complex interplay and fusion mechanisms between combined modalities, not just from weaknesses within individual modality processing.technical 90%
• Cross-modal prompt injection is a key attack vector that exploits MLLMs' instruction-following nature by embedding malicious commands within one modality to influence the model's behavior.technical 85%
• A shared high-dimensional embedding space used by MLLMs to align heterogeneous inputs is a critical vulnerability, as adversaries can craft inputs that are perceptually benign but semantically misleading in the latent space.technical 88%
• Jailbreak attacks on MLLMs explicitly target harmlessness and policy compliance, often exploiting the fact that safety alignment is strongest for text, while non-text modalities provide alternate channels for attack.technical 87%
• Discrete trigger attacks on MLLMs rely on structured artifacts (like patches or patterns) that are reusable across diverse inputs to induce consistent integrity failures, unlike per-instance optimized signal perturbations.method 86%
• End-to-end certification of multimodal fusion, autoregressive decoding, and instruction-following behavior against adversarial attacks remains challenging, leaving many high-level safety attacks outside the scope of current guarantees.limitation 82%
• Organizing adversarial attacks by primary adversarial objective (like loss of correctness or safety) is more effective than modality-based taxonomies because it captures system-level failures independent of attack instantiation.method 80%

Competitive landscape

Competitor map is still being generated for this paper. Enable generation or check back soon.

Startup potential card