Saved in:
Bibliographic Details
Main Authors: Wang, Xiaosen, Wang, Shaokang, Ge, Zhijin, Luo, Yuyang, Zhang, Shudong
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.19911
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917043990691840
author Wang, Xiaosen
Wang, Shaokang
Ge, Zhijin
Luo, Yuyang
Zhang, Shudong
author_facet Wang, Xiaosen
Wang, Shaokang
Ge, Zhijin
Luo, Yuyang
Zhang, Shudong
contents Large Vision-Language Models (VLMs) have achieved remarkable success in understanding complex real-world scenarios and supporting data-driven decision-making processes. However, VLMs exhibit significant vulnerability against adversarial examples, either text or image, which can lead to various adversarial outcomes, e.g., jailbreaking, hijacking, and hallucination, etc. In this work, we empirically and theoretically demonstrate that VLMs are particularly susceptible to image-based adversarial examples, where imperceptible perturbations can precisely manipulate each output token. To this end, we propose a novel attack called Vision-language model Manipulation Attack (VMA), which integrates first-order and second-order momentum optimization techniques with a differentiable transformation mechanism to effectively optimize the adversarial perturbation. Notably, VMA can be a double-edged sword: it can be leveraged to implement various attacks, such as jailbreaking, hijacking, privacy breaches, Denial-of-Service, and the generation of sponge examples, etc, while simultaneously enabling the injection of watermarks for copyright protection. Extensive empirical evaluations substantiate the efficacy and generalizability of VMA across diverse scenarios and datasets. Code is available at https://github.com/Trustworthy-AI-Group/VMA.
format Preprint
id arxiv_https___arxiv_org_abs_2505_19911
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Attention! Your Vision Language Model Could Be Maliciously Manipulated
Wang, Xiaosen
Wang, Shaokang
Ge, Zhijin
Luo, Yuyang
Zhang, Shudong
Computer Vision and Pattern Recognition
Large Vision-Language Models (VLMs) have achieved remarkable success in understanding complex real-world scenarios and supporting data-driven decision-making processes. However, VLMs exhibit significant vulnerability against adversarial examples, either text or image, which can lead to various adversarial outcomes, e.g., jailbreaking, hijacking, and hallucination, etc. In this work, we empirically and theoretically demonstrate that VLMs are particularly susceptible to image-based adversarial examples, where imperceptible perturbations can precisely manipulate each output token. To this end, we propose a novel attack called Vision-language model Manipulation Attack (VMA), which integrates first-order and second-order momentum optimization techniques with a differentiable transformation mechanism to effectively optimize the adversarial perturbation. Notably, VMA can be a double-edged sword: it can be leveraged to implement various attacks, such as jailbreaking, hijacking, privacy breaches, Denial-of-Service, and the generation of sponge examples, etc, while simultaneously enabling the injection of watermarks for copyright protection. Extensive empirical evaluations substantiate the efficacy and generalizability of VMA across diverse scenarios and datasets. Code is available at https://github.com/Trustworthy-AI-Group/VMA.
title Attention! Your Vision Language Model Could Be Maliciously Manipulated
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2505.19911