中文

DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models

密码学与安全 2026-05-20 v1 人工智能 计算机视觉与模式识别 机器学习

摘要

While vision and multimodal foundation models underpin critical tasks from perception to complex reasoning, they remain highly vulnerable to adversarial attacks. However, traditional adversarial attacks are typically limited to single, predefined objectives, tightly coupling each attack to a specific model or task, which restricts their scalability and flexibility in real-world scenarios. In this work, we present DarkLLM, a novel attack framework that trains an LLM to translate natural-language attack instructions into latent attack vectors, which are then decoded into visual adversarial perturbations. By leveraging natural-language instruction tuning, DarkLLM not only unifies targeted, untargeted, segmentation, and multi-model attacks within a single framework, but also achieves flexible and controllable adversarial generation, enabling each instruction to produce a perturbation that induces desired behaviors across heterogeneous models. Through extensive experiments across 4 tasks, 13 datasets, and 15 models, we demonstrate that DarkLLM with only 1B parameters can follow attacker instructions and generate highly effective attacks against CLIP, SAM, and frontier LLMs, revealing a systemic vulnerability in modern foundation models.

关键词

引用

@article{arxiv.2605.18868,
  title  = {DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models},
  author = {Ye Sun and Xin Wang and Jiaming Zhang and Yifeng Gao and Yixu Wang and Yifan Ding and Qixian Zhang and Henghui Ding and Xingjun Ma and Yu-Gang Jiang},
  journal= {arXiv preprint arXiv:2605.18868},
  year   = {2026}
}

备注

23 pages, 13 figures