Enregistré dans:
Détails bibliographiques
Auteurs principaux: Ye, Xi, Liu, Yiwen, Wang, Lina, Wang, Run, Yang, Geying, Hou, Yufei, Yu, Jiayi
Format: Preprint
Publié: 2026
Sujets:
Accès en ligne:https://arxiv.org/abs/2601.07141
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866909987545022464
author Ye, Xi
Liu, Yiwen
Wang, Lina
Wang, Run
Yang, Geying
Hou, Yufei
Yu, Jiayi
author_facet Ye, Xi
Liu, Yiwen
Wang, Lina
Wang, Run
Yang, Geying
Hou, Yufei
Yu, Jiayi
contents Text-to-image (T2I) models have raised increasing safety concerns due to their capacity to generate NSFW and other banned objects. To mitigate these risks, safety filters and concept removal techniques have been introduced to block inappropriate prompts or erase sensitive concepts from the models. However, all the existing defense methods are not well prepared to handle diverse adversarial prompts. In this work, we introduce MacPrompt, a novel black-box and cross-lingual attack that reveals previously overlooked vulnerabilities in T2I safety mechanisms. Unlike existing attacks that rely on synonym substitution or prompt obfuscation, MacPrompt constructs macaronic adversarial prompts by performing cross-lingual character-level recombination of harmful terms, enabling fine-grained control over both semantics and appearance. By leveraging this design, MacPrompt crafts prompts with high semantic similarity to the original harmful inputs (up to 0.96) while bypassing major safety filters (up to 100%). More critically, it achieves attack success rates as high as 92% for sex-related content and 90% for violence, effectively breaking even state-of-the-art concept removal defenses. These results underscore the pressing need to reassess the robustness of existing T2I safety mechanisms against linguistically diverse and fine-grained adversarial strategies.
format Preprint
id arxiv_https___arxiv_org_abs_2601_07141
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle MacPrompt: Maraconic-guided Jailbreak against Text-to-Image Models
Ye, Xi
Liu, Yiwen
Wang, Lina
Wang, Run
Yang, Geying
Hou, Yufei
Yu, Jiayi
Cryptography and Security
Text-to-image (T2I) models have raised increasing safety concerns due to their capacity to generate NSFW and other banned objects. To mitigate these risks, safety filters and concept removal techniques have been introduced to block inappropriate prompts or erase sensitive concepts from the models. However, all the existing defense methods are not well prepared to handle diverse adversarial prompts. In this work, we introduce MacPrompt, a novel black-box and cross-lingual attack that reveals previously overlooked vulnerabilities in T2I safety mechanisms. Unlike existing attacks that rely on synonym substitution or prompt obfuscation, MacPrompt constructs macaronic adversarial prompts by performing cross-lingual character-level recombination of harmful terms, enabling fine-grained control over both semantics and appearance. By leveraging this design, MacPrompt crafts prompts with high semantic similarity to the original harmful inputs (up to 0.96) while bypassing major safety filters (up to 100%). More critically, it achieves attack success rates as high as 92% for sex-related content and 90% for violence, effectively breaking even state-of-the-art concept removal defenses. These results underscore the pressing need to reassess the robustness of existing T2I safety mechanisms against linguistically diverse and fine-grained adversarial strategies.
title MacPrompt: Maraconic-guided Jailbreak against Text-to-Image Models
topic Cryptography and Security
url https://arxiv.org/abs/2601.07141