CaptionFool: Universal Image Captioning Model Attacks
This exposes critical vulnerabilities in deployed vision-language models, posing a security problem for users and developers, and is a novel method for a known bottleneck.
The paper tackled adversarial attacks on image captioning models by introducing CaptionFool, a universal attack that modifies only about 1.2% of image patches to achieve a 94-96% success rate in generating arbitrary target captions, including offensive content.
Image captioning models are encoder-decoder architectures trained on large-scale image-text datasets, making them susceptible to adversarial attacks. We present CaptionFool, a novel universal (input-agnostic) adversarial attack against state-of-the-art transformer-based captioning models. By modifying only 7 out of 577 image patches (approximately 1.2% of the image), our attack achieves 94-96% success rate in generating arbitrary target captions, including offensive content. We further demonstrate that CaptionFool can generate "slang" terms specifically designed to evade existing content moderation filters. Our findings expose critical vulnerabilities in deployed vision-language models and underscore the urgent need for robust defenses against such attacks. Warning: This paper contains model outputs which are offensive in nature.