Overview
Severity: HIGH | Affected: Major LLM Providers | Category: research
A paper published by researchers at Carnegie Mellon University introduces 'Chroma-Shift', a novel jailbreak technique targeting multi-modal language models. The attack embeds malicious prompts within the pixel data of seemingly innocuous images, using subtle color variations that are imperceptible to humans but are processed as commands by the model's vision component. The research demonstrates that this method can reliably circumvent safety filters to generate harmful content, including misinformation, hate speech, and malicious code, across several state-of-the-art models. This steganographic approach represents a new vector for adversarial attacks, highlighting the vulnerability of multi-modal systems to inputs where malicious intent is hidden across different data types. The researchers responsibly disclosed their findings to major AI developers prior to publication, urging the development of more holistic safety mechanisms that analyze inputs across all modalities.