Beyond Text: Unveiling Privacy Vulnerabilities in Multi-modal Retrieval-Augmented Generation

TL;DR

This paper uncovers privacy vulnerabilities in multimodal retrieval-augmented generation systems, showing how attackers can extract sensitive information through query manipulation, emphasizing the need for privacy-preserving solutions.

Contribution

It provides the first systematic analysis of privacy risks in MRAG across vision-language and speech-language modalities using a novel attack method.

Findings

Attackers can extract private info via structured prompt attacks

LMMs can generate outputs that reveal sensitive data

Privacy vulnerabilities are significant in multimodal systems

Abstract

Multimodal Retrieval-Augmented Generation (MRAG) systems enhance LMMs by integrating external multimodal databases, but introduce unexplored privacy vulnerabilities. While text-based RAG privacy risks have been studied, multimodal data presents unique challenges. We provide the first systematic analysis of MRAG privacy vulnerabilities across vision-language and speech-language modalities. Using a novel compositional structured prompt attack in a black-box setting, we demonstrate how attackers can extract private information by manipulating queries. Our experiments reveal that LMMs can both directly generate outputs resembling retrieved content and produce descriptions that indirectly expose sensitive information, highlighting the urgent need for robust privacy-preserving MRAG techniques.