Omni-Safety under Cross-Modality Conflict: Vulnerabilities, Dynamics Mechanisms and Efficient Alignment

TL;DR

This paper investigates safety vulnerabilities in omni-modal large language models, revealing a specific refusal mechanism and proposing OmniSteer to improve safety while maintaining multimodal capabilities.

Contribution

It introduces a systematic analysis of cross-modal safety risks, a novel vulnerability detection dataset, and a new intervention method called OmniSteer for safer OLLMs.

Findings

Refusal success rate increased from 69.9% to 91.2%.

Identified a Mid-layer Dissolution phenomenon in OLLMs.

Proposed a lightweight adaptive intervention method, OmniSteer.

Abstract

Omni-modal Large Language Models (OLLMs) greatly expand LLMs' multimodal capabilities but also introduce cross-modal safety risks. However, a systematic understanding of vulnerabilities in omni-modal interactions remains lacking. To bridge this gap, we establish a modality-semantics decoupling principle and construct the AdvBench-Omni dataset, which reveals a significant vulnerability in OLLMs. Mechanistic analysis uncovers a Mid-layer Dissolution phenomenon driven by refusal vector magnitude shrinkage, alongside the existence of a modal-invariant pure refusal direction. Inspired by these insights, we extract a golden refusal vector using Singular Value Decomposition and propose OmniSteer, which utilizes lightweight adapters to modulate intervention intensity adaptively. Extensive experiments show that our method not only increases the Refusal Success Rate against harmful inputs from 69.9% to 91.2%, but also effectively preserves the general capabilities across all modalities. Our code is available at: https://github.com/zhrli324/omni-safety-research.