LG | Feb 3, 2024

Safety Fine-Tuning at (Almost) No Cost: A Baseline for Vision Large Language Models

arXiv:2402.02207v2 | 147 citations | h-index: 17 | Has Code | ICML
AI Analysis

This addresses safety vulnerabilities in VLLMs for users deploying multimodal AI systems, though it is incremental as it builds on existing fine-tuning methods with a new dataset.

The paper tackles the problem of vision large language models (VLLMs) generating harmful content and being vulnerable to jailbreaking attacks by curating a vision-language safe instruction-following dataset (VLGuard) for fine-tuning, which effectively aligns VLLMs with safety while maintaining or enhancing helpfulness, reducing attack success rates to near zero in many cases.

Current vision large language models (VLLMs) exhibit remarkable capabilities yet are prone to generate harmful content and are vulnerable to even the simplest jailbreaking attacks. Our initial analysis finds that this is due to the presence of harmful data during vision-language instruction fine-tuning, and that VLLM fine-tuning can cause forgetting of safety alignment previously learned by the underpinning LLM. To address this issue, we first curate a vision-language safe instruction-following dataset VLGuard covering various harmful categories. Our experiments demonstrate that integrating this dataset into standard vision-language fine-tuning or utilizing it for post-hoc fine-tuning effectively safety aligns VLLMs. This alignment is achieved with minimal impact on, or even enhancement of, the models' helpfulness. The versatility of our safety fine-tuning dataset makes it a valuable resource for safety-testing existing VLLMs, training new models or safeguarding pre-trained VLLMs. Empirical results demonstrate that fine-tuned VLLMs effectively reject unsafe instructions and substantially reduce the success rates of several black-box adversarial attacks, which approach zero in many cases. The code and dataset are available at https://github.com/ys-zong/VLGuard.
