Saved in:
Bibliographic Details
Main Authors: Zhou, Yuxuan, Bai, Yang, Gao, Kuofeng, Dai, Tao, Xia, Shu-Tao
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.07315
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912698983251968
author Zhou, Yuxuan
Bai, Yang
Gao, Kuofeng
Dai, Tao
Xia, Shu-Tao
author_facet Zhou, Yuxuan
Bai, Yang
Gao, Kuofeng
Dai, Tao
Xia, Shu-Tao
contents The widespread application of large VLMs makes ensuring their secure deployment critical. While recent studies have demonstrated jailbreak attacks on VLMs, existing approaches are limited: they require either white-box access, restricting practicality, or rely on manually crafted patterns, leading to poor sample diversity and scalability. To address these gaps, we propose JPRO, a novel multi-agent collaborative framework designed for automated VLM jailbreaking. It effectively overcomes the shortcomings of prior methods in attack diversity and scalability. Through the coordinated action of four specialized agents and its two core modules: Tactic-Driven Seed Generation and Adaptive Optimization Loop, JPRO generates effective and diverse attack samples. Experimental results show that JPRO achieves over a 60\% attack success rate on multiple advanced VLMs, including GPT-4o, significantly outperforming existing methods. As a black-box attack approach, JPRO not only uncovers critical security vulnerabilities in multimodal models but also offers valuable insights for evaluating and enhancing VLM robustness.
format Preprint
id arxiv_https___arxiv_org_abs_2511_07315
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle JPRO: Automated Multimodal Jailbreaking via Multi-Agent Collaboration Framework
Zhou, Yuxuan
Bai, Yang
Gao, Kuofeng
Dai, Tao
Xia, Shu-Tao
Cryptography and Security
The widespread application of large VLMs makes ensuring their secure deployment critical. While recent studies have demonstrated jailbreak attacks on VLMs, existing approaches are limited: they require either white-box access, restricting practicality, or rely on manually crafted patterns, leading to poor sample diversity and scalability. To address these gaps, we propose JPRO, a novel multi-agent collaborative framework designed for automated VLM jailbreaking. It effectively overcomes the shortcomings of prior methods in attack diversity and scalability. Through the coordinated action of four specialized agents and its two core modules: Tactic-Driven Seed Generation and Adaptive Optimization Loop, JPRO generates effective and diverse attack samples. Experimental results show that JPRO achieves over a 60\% attack success rate on multiple advanced VLMs, including GPT-4o, significantly outperforming existing methods. As a black-box attack approach, JPRO not only uncovers critical security vulnerabilities in multimodal models but also offers valuable insights for evaluating and enhancing VLM robustness.
title JPRO: Automated Multimodal Jailbreaking via Multi-Agent Collaboration Framework
topic Cryptography and Security
url https://arxiv.org/abs/2511.07315