Infecting Generative AI With Viruses
David Noever, Forrest McKee

TL;DR
This paper explores security vulnerabilities in Vision-Large Language Models by embedding the EICAR antivirus test file within JPEG images and extracting and executing it inside LLM workspaces, revealing potential risks in AI platform safety and file handling.
Contribution
It introduces a novel method for testing LLM security using embedded EICAR test files in images across multiple platforms, demonstrating potential exploitation techniques.
Findings
EICAR signatures masked in image metadata without detection
Successful extraction of test files within LLM environments
Use of obfuscation techniques like base64 encoding and string reversal
Abstract
This study demonstrates a novel approach to testing the security boundaries of Vision-Large Language Models (VLM/LLM) using the EICAR test file embedded within JPEG images. We successfully executed four distinct protocols across multiple LLM platforms, including OpenAI GPT-4o, Microsoft Copilot, Google Gemini 1.5 Pro, and Anthropic Claude 3.5 Sonnet. The experiments validated that a modified JPEG containing the EICAR signature could be uploaded, manipulated, and potentially executed within LLM virtual workspaces. Key findings include: 1) consistent ability to mask the EICAR string in image metadata without detection, 2) successful extraction of the test file using Python-based manipulation within LLM environments, and 3) demonstration of multiple obfuscation techniques including base64 encoding and string reversal. This research extends Microsoft Research's "Penetration Testing Rules of…
Taxonomy
Topics: COVID-19 epidemiological studies · Law, AI, and Intellectual Property · SARS-CoV-2 and COVID-19 Research
