CAVALRY-V: A Large-Scale Generator Framework for Adversarial Attacks on Video MLLMs

TL;DR

CAVALRY-V is a novel, efficient framework for generating adversarial attacks on Video Multimodal Large Language Models, significantly degrading their performance across various benchmarks and models.

Contribution

It introduces a dual-objective loss and a two-stage generator for effective, scalable adversarial attacks on V-MLLMs, enhancing attack transferability and temporal coherence.

Findings

Achieves 22.8% improvement over baselines on commercial and open-source models.

Significantly outperforms existing attack methods on video understanding benchmarks.

Improves image understanding performance by 34.4% on average.

Abstract

Video Multimodal Large Language Models (V-MLLMs) have shown impressive capabilities in temporal reasoning and cross-modal understanding, yet their vulnerability to adversarial attacks remains underexplored due to unique challenges: complex cross-modal reasoning mechanisms, temporal dependencies, and computational constraints. We present CAVALRY-V (Cross-modal Language-Vision Adversarial Yielding for Videos), a novel framework that directly targets the critical interface between visual perception and language generation in V-MLLMs. Our approach introduces two key innovations: (1) a dual-objective semantic-visual loss function that simultaneously disrupts the model's text generation logits and visual representations to undermine cross-modal integration, and (2) a computationally efficient two-stage generator framework that combines large-scale pre-training for cross-model transferability with specialized fine-tuning for spatiotemporal coherence. Empirical evaluation on comprehensive video understanding benchmarks demonstrates that CAVALRY-V significantly outperforms existing attack methods, achieving 22.8% average improvement over the best baseline attacks on both commercial systems (GPT-4.1, Gemini 2.0) and open-source models (QwenVL-2.5, InternVL-2.5, Llava-Video, Aria, MiniCPM-o-2.6). Our framework achieves flexibility through implicit temporal coherence modeling rather than explicit regularization, enabling significant performance improvements even on image understanding (34.4% average gain). This capability demonstrates CAVALRY-V's potential as a foundational approach for adversarial research across multimodal systems.