There are 5 attacks in the multimodal category. Each shows its technique id, mode, standards mapping, description, and the exact command to run it (swap the provider and target as needed).
Audio Injection
high
audio-injection · single-turn · OWASP: LLM01 · MITRE: AML.T0051.000, AML.T0043.003Hidden voice commands or ultrasonic payloads embedded in audio that multimodal models processRun it:
ai-blackteam run -p anthropic -a audio-injection -t "your target prompt"
OCR Bypass
high
ocr-bypass · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Harmful instructions rendered as text in images to bypass text-based safety filters via OCR processingRun it:
ai-blackteam run -p anthropic -a ocr-bypass -t "your target prompt"
Video Frame Injection
high
video-frame-injection · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Malicious instructions hidden in individual video frames that multimodal models extract during processingRun it:
ai-blackteam run -p anthropic -a video-frame-injection -t "your target prompt"
Image-Text Mismatch
medium
image-text-mismatch · single-turn · OWASP: LLM01, LLM09 · MITRE: AML.T0054, AML.T0043.003Conflicting information between image content and text prompt to confuse multimodal safety filtersRun it:
ai-blackteam run -p anthropic -a image-text-mismatch -t "your target prompt"
Multimodal Context Confusion
medium
multimodal-context-confusion · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0043.003Exploiting context switching between modalities to smuggle harmful content past safety checksRun it:
ai-blackteam run -p anthropic -a multimodal-context-confusion -t "your target prompt"