Jailbreaking Attack against Multimodal Large Language Model
CoRR(2024)
摘要
This paper focuses on jailbreaking attacks against multi-modal large language
models (MLLMs), seeking to elicit MLLMs to generate objectionable responses to
harmful user queries. A maximum likelihood-based algorithm is proposed to find
an image Jailbreaking Prompt (imgJP), enabling jailbreaks against MLLMs
across multiple unseen prompts and images (i.e., data-universal property). Our
approach exhibits strong model-transferability, as the generated imgJP can be
transferred to jailbreak various models, including MiniGPT-v2, LLaVA,
InstructBLIP, and mPLUG-Owl2, in a black-box manner. Moreover, we reveal a
connection between MLLM-jailbreaks and LLM-jailbreaks. As a result, we
introduce a construction-based method to harness our approach for
LLM-jailbreaks, demonstrating greater efficiency than current state-of-the-art
methods. The code is available here. Warning: some content generated by
language models may be offensive to some readers.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要