Jailbreak Attacks and Defenses against Multimodal Generative Models: A Survey

TL;DR

This survey comprehensively reviews jailbreak attacks and defenses in multimodal generative models, analyzing attack methods, defense strategies, and evaluation frameworks across various modalities and system levels to ensure safer deployment.

Contribution

It provides a detailed taxonomy of attack and defense methods in multimodal models, covering multiple modalities and proposing future research directions.

Findings

Systematic exploration of attacks and defenses across four levels

Taxonomy of attack methods, defense mechanisms, and evaluation frameworks

Identification of current research challenges and future directions

Abstract

The rapid evolution of multimodal foundation models has led to significant advancements in cross-modal understanding and generation across diverse modalities, including text, images, audio, and video. However, these models remain susceptible to jailbreak attacks, which can bypass built-in safety mechanisms and induce the production of potentially harmful content. Consequently, understanding the methods of jailbreak attacks and existing defense mechanisms is essential to ensure the safe deployment of multimodal generative models in real-world scenarios, particularly in security-sensitive applications. To provide comprehensive insight into this topic, this survey reviews jailbreak and defense in multimodal generative models. First, given the generalized lifecycle of multimodal jailbreak, we systematically explore attacks and corresponding defense strategies across four levels: input, encoder, generator, and output. Based on this analysis, we present a detailed taxonomy of attack methods, defense mechanisms, and evaluation frameworks specific to multimodal generative models. Additionally, we cover a wide range of input-output configurations, including modalities such as Any-to-Text, Any-to-Vision, and Any-to-Any within generative systems. Finally, we highlight current research challenges and propose potential directions for future research. The open-source repository corresponding to this work can be found at https://github.com/liuxuannan/Awesome-Multimodal-Jailbreak.