Image-to-Text Logic Jailbreak: Your Imagination can Help You Do Anything

TL;DR

This paper introduces a new dataset and evaluates the vulnerability of visual language models to logic-based jailbreaks using flowcharts, revealing high jailbreak success rates and highlighting security concerns.

Contribution

The study presents the Flow-JD dataset and demonstrates that current VLMs are highly susceptible to logic-based jailbreaks using flowcharts.

Findings

Jailbreak rate reaches up to 92.8% on evaluated models.

Flow-JD dataset effectively assesses logic-based vulnerabilities.

Current VLMs show significant security weaknesses.

Abstract

Large Visual Language Model\textbfs (VLMs) such as GPT-4V have achieved remarkable success in generating comprehensive and nuanced responses. Researchers have proposed various benchmarks for evaluating the capabilities of VLMs. With the integration of visual and text inputs in VLMs, new security issues emerge, as malicious attackers can exploit multiple modalities to achieve their objectives. This has led to increasing attention on the vulnerabilities of VLMs to jailbreak. Most existing research focuses on generating adversarial images or nonsensical image to jailbreak these models. However, no researchers evaluate whether logic understanding capabilities of VLMs in flowchart can influence jailbreak. Therefore, to fill this gap, this paper first introduces a novel dataset Flow-JD specifically designed to evaluate the logic-based flowchart jailbreak capabilities of VLMs. We conduct an extensive evaluation on GPT-4o, GPT-4V, other 5 SOTA open source VLMs and the jailbreak rate is up to 92.8%. Our research reveals significant vulnerabilities in current VLMs concerning image-to-text jailbreak and these findings underscore the the urgency for the development of robust and effective future defenses.