Overview
Severity: HIGH | Affected: Multiple LMM Vendors | Category: research
A new paper from Carnegie Mellon University's CyLab has detailed a novel jailbreak technique named 'Cognitive Override.' This method specifically targets large multi-modal models (LMMs) by crafting inputs that create a logical conflict between the visual and textual data streams. For example, an image depicting a harmless object is paired with a text prompt that subtly re-contextualizes it in a harmful scenario. The LMM, attempting to reconcile the conflicting inputs, can be tricked into bypassing its safety filters and generating harmful or malicious content. The research demonstrates a high success rate against leading models from Google, OpenAI, and Anthropic. The paper urges developers to re-evaluate their safety alignment strategies for multi-modal systems, as current text-based filtering approaches are insufficient to mitigate this new class of attacks. The researchers have responsibly disclosed their findings to the affected vendors.