Summary of Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks, by Maan Qraitem et al.


Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks

by Maan Qraitem, Nazia Tasnim, Piotr Teterwak, Kate Saenko, Bryan A. Plummer

First submitted to arXiv on: 1 Feb 2024

Categories

  • Main: Computer Vision and Pattern Recognition (cs.CV)
  • Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)


GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High Difficulty Summary
Written by: Paper authors
Read the original abstract here

Medium Difficulty Summary
Written by: GrooveSquid.com (original content)
The paper introduces a new threat to vision-language models (LVLMs): typographic attacks, which deceive the models by adding misleading text to images. The researchers test the vulnerability of recent large LVLMs, including GPT4-V, and propose two novel self-generated attacks: class-based attacks and reasoned attacks. These attacks significantly reduce classification performance, by up to 60%, across different models, including InstructBLIP and MiniGPT4. To mitigate this risk, the paper provides a comprehensive experimental setup for testing typographic attacks on LVLMs.

Low Difficulty Summary
Written by: GrooveSquid.com (original content)
Typographic attacks can trick vision-language models into thinking something is real when it’s not. The big idea is to add misleading text to images to confuse these powerful AI systems. Right now, we don’t know much about how well recent large models like GPT4-V can be fooled by these attacks. To fix this problem, the researchers created a way to test typographic attacks on these models and came up with two new types of attacks that are really good at tricking them.

Keywords

  • Artificial intelligence
  • Classification