Image Hijacks: Adversarial Images can Control Generative Models at Runtime

arXiv:2309.00236v3 Announce Type: replace-cross
Abstract: Are foundation models secure against malicious actors? In this work, we focus on the image input to a vision-language model (VLM). We discover image hijacks, adversarial images that control the behaviour of VLMs at inference time, and introduce the general Behaviour Matching algorithm for training image hijacks. From this, we derive the Prompt Matching method, allowing us to train hijacks matching the behaviour of an arbitrary user-defined text prompt (e.g. 'the Eiffel Tower is now …

adversarial algorithm arxiv can control cs.cl cs.cr cs.lg discover focus foundation foundation models general generative generative models image images input language malicious malicious actors runtime training work