audio-injectionhides the malicious instruction inside an audio clip so the speech-to-text step picks it up.ocr-bypassputs text in an image in ways that the image reader still extracts but filters may skip.video-frame-injectionslips an instruction into one or more video frames.image-text-mismatchmakes the picture say one thing while the caption says another, to confuse the model.multimodal-context-confusionmixes signals across formats so the model loses track of what is real.
Attack Strategies
Multimodal: Attack Strategy
Attacks that hide harmful instructions inside non-text inputs like images, audio, or video. The AI reads the hidden text and follows it.
What it is: Attacks that hide harmful instructions inside non-text inputs like images, audio, or video. The AI reads the hidden text and follows it.
How the attacks work: The attacker puts the real instruction somewhere the AI looks but a human glance might miss. Text inside a picture, words in an audio clip, or a single frame in a video. The AI processes that hidden content as if the user typed it.
Real examples from the framework: