← Back to Library

Enhanced MLLM Black-Box Jailbreaking Attacks and Defenses

Authors: Xingwei Zhong, Kar Wai Fok, Vrizlynn L. L. Thing

Published: 2025-10-24

arXiv ID: 2510.21214v1

Added to Library: 2025-10-27 05:01 UTC

Red Teaming

📄 Abstract

Multimodal large language models (MLLMs) comprise of both visual and textual modalities to process vision language tasks. However, MLLMs are vulnerable to security-related issues, such as jailbreak attacks that alter the model's input to induce unauthorized or harmful responses. The incorporation of the additional visual modality introduces new dimensions to security threats. In this paper, we proposed a black-box jailbreak method via both text and image prompts to evaluate MLLMs. In particular, we designed text prompts with provocative instructions, along with image prompts that introduced mutation and multi-image capabilities. To strengthen the evaluation, we also designed a Re-attack strategy. Empirical results show that our proposed work can improve capabilities to assess the security of both open-source and closed-source MLLMs. With that, we identified gaps in existing defense methods to propose new strategies for both training-time and inference-time defense methods, and evaluated them across the new jailbreak methods. The experiment results showed that the re-designed defense methods improved protections against the jailbreak attacks.

🔍 Key Points

  • Introduction of a novel black-box jailbreak attack methodology for multimodal large language models (MLLMs) using enhanced text prompts and image prompts with mutation techniques.
  • Development of a Re-attack strategy that improves the effectiveness of jailbreak attempts by leveraging initial attack successes and failures.
  • Empirical evaluation demonstrating significant performance improvements in jailbreak success rates across various open-source and closed-source MLLMs, achieving over 70% average attack success rate (ASR).
  • Identification and analysis of gaps in existing defense mechanisms, leading to the proposal of enhanced defense methods that perform better against the newly introduced jailbreak techniques.
  • A comprehensive evaluation framework for understanding the vulnerabilities of MLLMs to jailbreak attacks, including an analysis of defense methods such as AdaShield and JailGuard.

💡 Why This Paper Matters

This paper provides significant contributions to the field of MLLM security by unveiling novel attack strategies that exploit the vulnerabilities of multimodal models. The developed methods and empirical analyses establish a framework for understanding these vulnerabilities, which is crucial for the development of robust security measures. The findings not only highlight the ease with which MLLMs can be compromised but also contribute to ongoing efforts to fortify these models against potential security threats.

🎯 Why It's Interesting for AI Security Researchers

This paper is of particular interest to AI security researchers as it addresses the increasing vulnerabilities associated with multimodal large language models, which are being used in sensitive applications. The novel attack methodologies and comprehensive evaluations provide a deeper understanding of MLLM security, paving the way for more effective defense mechanisms. Researchers focused on adversarial robustness and AI safety will find the insights and empirical results valuable for advancing security measures in AI systems.

📚 Read the Full Paper

📄 View on arXiv 📎 Download PDF