Attacks on multimodal models

TL;DR

This paper investigates vulnerabilities in multimodal models, especially focusing on attacks on pre-trained components like CLIP, to understand their security risks and generalization capabilities in practical applications.

Contribution

It provides a comprehensive analysis of attack methods on multimodal models, emphasizing vulnerabilities inherited from open-source components like CLIP.

Findings

Vulnerabilities in CLIP-based image encoders are exploitable through patch attacks.

Multimodal models show varying robustness depending on attack type and component used.

Open-source pre-trained models can inherit and amplify security risks.

Abstract

Today, models capable of working with various modalities simultaneously in a chat format are gaining increasing popularity. Despite this, there is an issue of potential attacks on these models, especially considering that many of them include open-source components. It is important to study whether the vulnerabilities of these components are inherited and how dangerous this can be when using such models in the industry. This work is dedicated to researching various types of attacks on such models and evaluating their generalization capabilities. Modern VLM models (LLaVA, BLIP, etc.) often use pre-trained parts from other models, so the main part of this research focuses on them, specifically on the CLIP architecture and its image encoder (CLIP-ViT) and various patch attack variations for it.