English

DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models

Cryptography and Security 2026-05-20 v1 Artificial Intelligence Computer Vision and Pattern Recognition Machine Learning

Abstract

While vision and multimodal foundation models underpin critical tasks from perception to complex reasoning, they remain highly vulnerable to adversarial attacks. However, traditional adversarial attacks are typically limited to single, predefined objectives, tightly coupling each attack to a specific model or task, which restricts their scalability and flexibility in real-world scenarios. In this work, we present DarkLLM, a novel attack framework that trains an LLM to translate natural-language attack instructions into latent attack vectors, which are then decoded into visual adversarial perturbations. By leveraging natural-language instruction tuning, DarkLLM not only unifies targeted, untargeted, segmentation, and multi-model attacks within a single framework, but also achieves flexible and controllable adversarial generation, enabling each instruction to produce a perturbation that induces desired behaviors across heterogeneous models. Through extensive experiments across 4 tasks, 13 datasets, and 15 models, we demonstrate that DarkLLM with only 1B parameters can follow attacker instructions and generate highly effective attacks against CLIP, SAM, and frontier LLMs, revealing a systemic vulnerability in modern foundation models.

Keywords

Cite

@article{arxiv.2605.18868,
  title  = {DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models},
  author = {Ye Sun and Xin Wang and Jiaming Zhang and Yifeng Gao and Yixu Wang and Yifan Ding and Qixian Zhang and Henghui Ding and Xingjun Ma and Yu-Gang Jiang},
  journal= {arXiv preprint arXiv:2605.18868},
  year   = {2026}
}

Comments

23 pages, 13 figures