Harnessing Hyperbolic Geometry for Harmful Prompt Detection and Sanitization
This addresses safety concerns for VLM users by providing an efficient and interpretable defense against harmful prompts, though it is incremental as it builds on existing anomaly detection and attribution methods.
The paper tackles the problem of malicious prompts in Vision-Language Models (VLMs) by introducing a framework with Hyperbolic Prompt Espial (HyPE) for detection and Hyperbolic Prompt Sanitization (HyPS) for sanitization, which consistently outperforms prior defenses in accuracy and robustness across multiple datasets and adversarial scenarios.
Vision-Language Models (VLMs) have become essential for tasks such as image synthesis, captioning, and retrieval by aligning textual and visual information in a shared embedding space. Yet, this flexibility also makes them vulnerable to malicious prompts designed to produce unsafe content, raising critical safety concerns. Existing defenses either rely on blacklist filters, which are easily circumvented, or on heavy classifier-based systems, both of which are costly and fragile under embedding-level attacks. We address these challenges with two complementary components: Hyperbolic Prompt Espial (HyPE) and Hyperbolic Prompt Sanitization (HyPS). HyPE is a lightweight anomaly detector that leverages the structured geometry of hyperbolic space to model benign prompts and detect harmful ones as outliers. HyPS builds on this detection by applying explainable attribution methods to identify and selectively modify harmful words, neutralizing unsafe intent while preserving the original semantics of user prompts. Through extensive experiments across multiple datasets and adversarial scenarios, we prove that our framework consistently outperforms prior defenses in both detection accuracy and robustness. Together, HyPE and HyPS offer an efficient, interpretable, and resilient approach to safeguarding VLMs against malicious prompt misuse.