Jailbreaks on Vision Language Model via Multimodal Reasoning
This work addresses vulnerabilities in safety alignment for vision-language models, which is an incremental but important security concern for AI developers and users.
The paper tackles the problem of jailbreaking vision-language models by exploiting prompt variations and adaptive noising to bypass safety filters, achieving a significant improvement in attack success rates while maintaining naturalness.
Vision-language models (VLMs) have become central to tasks such as visual question answering, image captioning, and text-to-image generation. However, their outputs are highly sensitive to prompt variations, which can reveal vulnerabilities in safety alignment. In this work, we present a jailbreak framework that exploits post-training Chain-of-Thought (CoT) prompting to construct stealthy prompts capable of bypassing safety filters. To further increase the attack success rate (ASR), we propose a ReAct-driven adaptive noising mechanism that iteratively perturbs input images based on model feedback. This approach leverages the ReAct paradigm to refine adversarial noise in the image regions most likely to activate safety defenses, thereby enhancing stealth and evasion. Experimental results demonstrate that the proposed dual strategy significantly improves ASR while maintaining naturalness in both the text and visual domains.