← Back to Library

CrossGuard: Safeguarding MLLMs against Joint-Modal Implicit Malicious Attacks

Authors: Xu Zhang, Hao Li, Zhichao Lu

Published: 2025-10-20

arXiv ID: 2510.17687v1

Added to Library: 2025-10-21 04:01 UTC

Red Teaming

📄 Abstract

Multimodal Large Language Models (MLLMs) achieve strong reasoning and perception capabilities but are increasingly vulnerable to jailbreak attacks. While existing work focuses on explicit attacks, where malicious content resides in a single modality, recent studies reveal implicit attacks, in which benign text and image inputs jointly express unsafe intent. Such joint-modal threats are difficult to detect and remain underexplored, largely due to the scarcity of high-quality implicit data. We propose ImpForge, an automated red-teaming pipeline that leverages reinforcement learning with tailored reward modules to generate diverse implicit samples across 14 domains. Building on this dataset, we further develop CrossGuard, an intent-aware safeguard providing robust and comprehensive defense against both explicit and implicit threats. Extensive experiments across safe and unsafe benchmarks, implicit and explicit attacks, and multiple out-of-domain settings demonstrate that CrossGuard significantly outperforms existing defenses, including advanced MLLMs and guardrails, achieving stronger security while maintaining high utility. This offers a balanced and practical solution for enhancing MLLM robustness against real-world multimodal threats.

🔍 Key Points

  • Introduction of ImpForge, an automated red-teaming pipeline that generates high-quality implicit multimodal malicious samples using reinforcement learning.
  • Development of CrossGuard, a comprehensive, intent-aware safeguard designed to defend against both implicit and explicit threats in multimodal large language models (MLLMs).
  • Demonstration through extensive experiments that CrossGuard significantly outperforms existing defenses, such as MLLM guardrails and advanced models, in terms of security with high utility.
  • Validation of the effectiveness of the ImpForge framework in enhancing MLLM robustness against complex, joint-modal implicit attacks, which are difficult to detect.
  • Addressing the gap in research on implicit attacks, contributing a practical solution that improves safety alignment in real-world applications of MLLMs.

💡 Why This Paper Matters

This paper is significant as it tackles the emerging challenge of implicit jailbreak attacks on MLLMs, providing novel methodologies that strengthen the overall safety of these models. By introducing both ImpForge and CrossGuard, it presents a robust framework for generating and mitigating joint-modal implicit threats, which are increasingly relevant in today's AI landscape. The findings highlight advancements in attack detection and defense strategies, advancing the discourse on AI safety and robustness.

🎯 Why It's Interesting for AI Security Researchers

This paper is of high interest to AI security researchers due to its focus on the critical and often underexplored issue of implicit threats in MLLMs. The methodologies proposed pave the way for enhanced defensive strategies against sophisticated attacks that exploit multimodal interactions, providing insights into red-teaming techniques and robustness evaluation. Furthermore, the results emphasize the importance of adaptive safety mechanisms in AI systems, aligning with ongoing efforts to ensure the ethical and secure deployment of AI technologies.

📚 Read the Full Paper

📄 View on arXiv 📎 Download PDF