Cross-Modal Obfuscation for Jailbreak Attacks on Large Vision-Language Models
This addresses a critical safety problem for users and developers of LVLMs by exposing vulnerabilities in current safety mechanisms, though it is incremental as it builds on existing black-box jailbreak methods.
The paper tackled the vulnerability of Large Vision-Language Models (LVLMs) to jailbreak attacks by proposing CAMO, a framework that decomposes malicious prompts into benign visual and textual fragments to evade detection, achieving robust performance and strong cross-model transferability with significantly fewer queries than prior attacks.
Large Vision-Language Models (LVLMs) demonstrate exceptional performance across multimodal tasks, yet remain vulnerable to jailbreak attacks that bypass built-in safety mechanisms to elicit restricted content generation. Existing black-box jailbreak methods primarily rely on adversarial textual prompts or image perturbations, yet these approaches are highly detectable by standard content filtering systems and exhibit low query and computational efficiency. In this work, we present Cross-modal Adversarial Multimodal Obfuscation (CAMO), a novel black-box jailbreak attack framework that decomposes malicious prompts into semantically benign visual and textual fragments. By leveraging LVLMs' cross-modal reasoning abilities, CAMO covertly reconstructs harmful instructions through multi-step reasoning, evading conventional detection mechanisms. Our approach supports adjustable reasoning complexity and requires significantly fewer queries than prior attacks, enabling both stealth and efficiency. Comprehensive evaluations conducted on leading LVLMs validate CAMO's effectiveness, showcasing robust performance and strong cross-model transferability. These results underscore significant vulnerabilities in current built-in safety mechanisms, emphasizing an urgent need for advanced, alignment-aware security and safety solutions in vision-language systems.