Overview
Severity: HIGH | Affected: Multi-modal LLMs | Category: research
A paper published by researchers at the Stanford AI Lab has introduced a new class of jailbreak attacks termed 'Recursive Embedding Attack' (REA). This technique targets multi-modal large language models (LLMs) that process both text and images. The attack works by encoding a malicious prompt within the nuanced pixel data of a seemingly benign image, which is then recursively referenced by a simple text prompt. The model's image processing module decodes the hidden prompt, which then bypasses the text-based safety filters and alignment training, compelling the model to generate harmful or restricted content. The researchers demonstrated the attack's effectiveness against several state-of-the-art commercial and open-source multi-modal models, achieving an 85% success rate in bypassing safety guards. The paper calls for more robust, cross-modal alignment techniques to defend against such sophisticated exploits.