Saved in:
Bibliographic Details
Main Authors: Sima, Bingrui, Cong, Linhua, Wang, Wenxuan, He, Kun
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.19684
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912399910502400
author Sima, Bingrui
Cong, Linhua
Wang, Wenxuan
He, Kun
author_facet Sima, Bingrui
Cong, Linhua
Wang, Wenxuan
He, Kun
contents The emergence of Multimodal Large Language Models (MLRMs) has enabled sophisticated visual reasoning capabilities by integrating reinforcement learning and Chain-of-Thought (CoT) supervision. However, while these enhanced reasoning capabilities improve performance, they also introduce new and underexplored safety risks. In this work, we systematically investigate the security implications of advanced visual reasoning in MLRMs. Our analysis reveals a fundamental trade-off: as visual reasoning improves, models become more vulnerable to jailbreak attacks. Motivated by this critical finding, we introduce VisCRA (Visual Chain Reasoning Attack), a novel jailbreak framework that exploits the visual reasoning chains to bypass safety mechanisms. VisCRA combines targeted visual attention masking with a two-stage reasoning induction strategy to precisely control harmful outputs. Extensive experiments demonstrate VisCRA's significant effectiveness, achieving high attack success rates on leading closed-source MLRMs: 76.48% on Gemini 2.0 Flash Thinking, 68.56% on QvQ-Max, and 56.60% on GPT-4o. Our findings highlight a critical insight: the very capability that empowers MLRMs -- their visual reasoning -- can also serve as an attack vector, posing significant security risks.
format Preprint
id arxiv_https___arxiv_org_abs_2505_19684
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle VisCRA: A Visual Chain Reasoning Attack for Jailbreaking Multimodal Large Language Models
Sima, Bingrui
Cong, Linhua
Wang, Wenxuan
He, Kun
Computer Vision and Pattern Recognition
The emergence of Multimodal Large Language Models (MLRMs) has enabled sophisticated visual reasoning capabilities by integrating reinforcement learning and Chain-of-Thought (CoT) supervision. However, while these enhanced reasoning capabilities improve performance, they also introduce new and underexplored safety risks. In this work, we systematically investigate the security implications of advanced visual reasoning in MLRMs. Our analysis reveals a fundamental trade-off: as visual reasoning improves, models become more vulnerable to jailbreak attacks. Motivated by this critical finding, we introduce VisCRA (Visual Chain Reasoning Attack), a novel jailbreak framework that exploits the visual reasoning chains to bypass safety mechanisms. VisCRA combines targeted visual attention masking with a two-stage reasoning induction strategy to precisely control harmful outputs. Extensive experiments demonstrate VisCRA's significant effectiveness, achieving high attack success rates on leading closed-source MLRMs: 76.48% on Gemini 2.0 Flash Thinking, 68.56% on QvQ-Max, and 56.60% on GPT-4o. Our findings highlight a critical insight: the very capability that empowers MLRMs -- their visual reasoning -- can also serve as an attack vector, posing significant security risks.
title VisCRA: A Visual Chain Reasoning Attack for Jailbreaking Multimodal Large Language Models
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2505.19684