Summary of Empirical Analysis Of Large Vision-language Models Against Goal Hijacking Via Visual Prompt Injection, by Subaru Kimura et al.
Empirical Analysis of Large Vision-Language Models against Goal Hijacking via Visual Prompt Injection
by Subaru Kimura, Ryota Tanaka, Shumpei Miyawaki, Jun Suzuki, Keisuke Sakaguchi
First submitted to arxiv on: 7 Aug 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The proposed “goal hijacking via visual prompt injection” (GHVPI) method maliciously exploits the ability of large vision-language models to follow instructions, swapping the original task with an alternative one designated by an attacker. The study reveals that GPT-4V is vulnerable to GHVPI, demonstrating a 15.8% attack success rate, posing an unignorable security risk. The analysis highlights the importance of high character recognition capability and instruction-following ability in LVLMs for successful GHVPI. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Large vision-language models can be tricked into performing tasks they weren’t designed to do. This is called “goal hijacking.” Researchers have found a way to do this by adding special instructions, or “visual prompts,” to an image. They call it “visual prompt injection” (VPI). The goal is to make the model follow these new instructions instead of doing what it was originally supposed to do. In this case, they were able to trick GPT-4V into performing a task 15.8% of the time. This shows that large vision-language models are vulnerable to attacks like this and need to be made more secure. |
Keywords
» Artificial intelligence » Gpt » Prompt
