Seeing the Threat: Vulnerabilities in Vision-Language Models to Adversarial Attack

TL;DR

This paper investigates security vulnerabilities in large vision-language models by analyzing their susceptibility to adversarial attacks, proposing a new evaluation framework, and defining normative safety standards for multimodal AI systems.

Contribution

It introduces a systematic analysis of adversarial vulnerabilities in LVLMs, a novel two-stage evaluation framework, and a normative schema for safety alignment in multimodal models.

Findings

Conventional adversarial attacks can bypass safety mechanisms in LVLMs.

The proposed framework effectively differentiates types of model responses to harmful prompts.

A normative schema provides a target for aligning model behavior with safety standards.

Abstract

Large Vision-Language Models (LVLMs) have shown remarkable capabilities across a wide range of multimodal tasks. However, their integration of visual inputs introduces expanded attack surfaces, thereby exposing them to novel security vulnerabilities. In this work, we conduct a systematic representational analysis to uncover why conventional adversarial attacks can circumvent the safety mechanisms embedded in LVLMs. We further propose a novel two stage evaluation framework for adversarial attacks on LVLMs. The first stage differentiates among instruction non compliance, outright refusal, and successful adversarial exploitation. The second stage quantifies the degree to which the model's output fulfills the harmful intent of the adversarial prompt, while categorizing refusal behavior into direct refusals, soft refusals, and partial refusals that remain inadvertently helpful. Finally, we introduce a normative schema that defines idealized model behavior when confronted with harmful prompts, offering a principled target for safety alignment in multimodal systems.