Saved in:
Bibliographic Details
Main Authors: Song, Zhixue, Han, Boyan, Wang, Yiwei, Zhang, Chi
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.07250
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914543066677248
author Song, Zhixue
Han, Boyan
Wang, Yiwei
Zhang, Chi
author_facet Song, Zhixue
Han, Boyan
Wang, Yiwei
Zhang, Chi
contents Recent advancements in visual context compression enable MLLMs to process ultra-long contexts efficiently by rendering text into images. However, we identify a critical vulnerability inherent to this paradigm: lowering image resolution inadvertently catalyzes jailbreaking. Our experiments reveal that the safety defenses of SOTA models deteriorate sharply as resolution degrades, surprisingly persisting even when text remains legible. We attribute this to ``Cognitive Overload'', hypothesizing that the effort required to decipher degraded inputs diverts attentional resources from safety auditing. This phenomenon is consistent across various visual perturbations, including noise and geometric distortion. To address this, we propose a simple ``Structured Cognitive Offloading'' strategy that mitigates these risks by enforcing a serialized pipeline to decouple visual transcription from safety assessment. Our work exposes a significant risk in vision-based compression and provides critical insights for the secure design of future MLLMs.
format Preprint
id arxiv_https___arxiv_org_abs_2605_07250
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Hard to Read, Easy to Jailbreak: How Visual Degradation Bypasses MLLM Safety Alignment
Song, Zhixue
Han, Boyan
Wang, Yiwei
Zhang, Chi
Computer Vision and Pattern Recognition
Artificial Intelligence
Recent advancements in visual context compression enable MLLMs to process ultra-long contexts efficiently by rendering text into images. However, we identify a critical vulnerability inherent to this paradigm: lowering image resolution inadvertently catalyzes jailbreaking. Our experiments reveal that the safety defenses of SOTA models deteriorate sharply as resolution degrades, surprisingly persisting even when text remains legible. We attribute this to ``Cognitive Overload'', hypothesizing that the effort required to decipher degraded inputs diverts attentional resources from safety auditing. This phenomenon is consistent across various visual perturbations, including noise and geometric distortion. To address this, we propose a simple ``Structured Cognitive Offloading'' strategy that mitigates these risks by enforcing a serialized pipeline to decouple visual transcription from safety assessment. Our work exposes a significant risk in vision-based compression and provides critical insights for the secure design of future MLLMs.
title Hard to Read, Easy to Jailbreak: How Visual Degradation Bypasses MLLM Safety Alignment
topic Computer Vision and Pattern Recognition
Artificial Intelligence
url https://arxiv.org/abs/2605.07250