SHIELD: Classifier-Guided Prompting for Robust and Safer LVLMs
This addresses safety vulnerabilities in LVLMs for users deploying these models in real-world applications, offering a practical, plug-and-play solution without retraining.
The paper tackles the problem of adversarial inputs that conceal harmful goals in benign prompts for Large Vision-Language Models (LVLMs) by proposing SHIELD, a lightweight, model-agnostic preprocessing framework that uses fine-grained safety classification and tailored prompts to enforce nuanced refusals or safe redirection, resulting in consistently lower jailbreak and non-following rates across five benchmarks and five LVLMs while preserving utility.
Large Vision-Language Models (LVLMs) unlock powerful multimodal reasoning but also expand the attack surface, particularly through adversarial inputs that conceal harmful goals in benign prompts. We propose SHIELD, a lightweight, model-agnostic preprocessing framework that couples fine-grained safety classification with category-specific guidance and explicit actions (Block, Reframe, Forward). Unlike binary moderators, SHIELD composes tailored safety prompts that enforce nuanced refusals or safe redirection without retraining. Across five benchmarks and five representative LVLMs, SHIELD consistently lowers jailbreak and non-following rates while preserving utility. Our method is plug-and-play, incurs negligible overhead, and is easily extendable to new attack types -- serving as a practical safety patch for both weakly and strongly aligned LVLMs.