Enhancing the Safety of Medical Vision-Language Models by Synthetic Demonstrations

TL;DR

This paper proposes a synthetic demonstration-based inference-time defense strategy for medical vision-language models to improve security against harmful queries while maintaining performance.

Contribution

It introduces a novel defense method using synthetic demonstrations to mitigate security vulnerabilities in Med-VLMs without significant performance loss.

Findings

Defense strategy effectively mitigates visual and textual jailbreak attacks.

Increasing demonstration budget reduces over-defense issues.

Mixed demonstration strategy balances security and performance.

Abstract

Generative medical vision-language models~(Med-VLMs) are primarily designed to generate complex textual information~(e.g., diagnostic reports) from multimodal inputs including vision modality~(e.g., medical images) and language modality~(e.g., clinical queries). However, their security vulnerabilities remain underexplored. Med-VLMs should be capable of rejecting harmful queries, such as \textit{Provide detailed instructions for using this CT scan for insurance fraud}. At the same time, addressing security concerns introduces the risk of over-defense, where safety-enhancing mechanisms may degrade general performance, causing Med-VLMs to reject benign clinical queries. In this paper, we propose a novel inference-time defense strategy to mitigate harmful queries, enabling defense against visual and textual jailbreak attacks. Using diverse medical imaging datasets collected from nine modalities, we demonstrate that our defense strategy based on synthetic clinical demonstrations enhances model safety without significantly compromising performance. Additionally, we find that increasing the demonstration budget alleviates the over-defense issue. We then introduce a mixed demonstration strategy as a trade-off solution for balancing security and performance under few-shot demonstration budget constraints.