English

Jailbreaking Attack against Multimodal Large Language Model

Machine Learning 2024-02-07 v1 Computation and Language Cryptography and Security Computer Vision and Pattern Recognition

Abstract

This paper focuses on jailbreaking attacks against multi-modal large language models (MLLMs), seeking to elicit MLLMs to generate objectionable responses to harmful user queries. A maximum likelihood-based algorithm is proposed to find an \emph{image Jailbreaking Prompt} (imgJP), enabling jailbreaks against MLLMs across multiple unseen prompts and images (i.e., data-universal property). Our approach exhibits strong model-transferability, as the generated imgJP can be transferred to jailbreak various models, including MiniGPT-v2, LLaVA, InstructBLIP, and mPLUG-Owl2, in a black-box manner. Moreover, we reveal a connection between MLLM-jailbreaks and LLM-jailbreaks. As a result, we introduce a construction-based method to harness our approach for LLM-jailbreaks, demonstrating greater efficiency than current state-of-the-art methods. The code is available here. \textbf{Warning: some content generated by language models may be offensive to some readers.}

Keywords

Cite

@article{arxiv.2402.02309,
  title  = {Jailbreaking Attack against Multimodal Large Language Model},
  author = {Zhenxing Niu and Haodong Ren and Xinbo Gao and Gang Hua and Rong Jin},
  journal= {arXiv preprint arXiv:2402.02309},
  year   = {2024}
}
R2 v1 2026-06-28T14:37:28.084Z