Overview
Severity: HIGH | Affected: Multi-Modal LLMs | Category: research
Researchers at Carnegie Mellon University's CyLab have published a paper detailing a novel jailbreak technique called 'Semantic Inversion.' This method specifically targets multi-modal large language models (LLMs) that process both text and images. By crafting carefully constructed images containing steganographically hidden prompts, the technique forces the model to bypass its safety filters and generate harmful or restricted content. The image acts as a 'key' that unlocks a vulnerable state in the model's integrated vision-language processing layers, causing it to misinterpret safety policies. The researchers demonstrated successful attacks against several leading commercial models, causing them to generate misinformation and code for malware. This research exposes a new attack surface in multi-modal systems and calls for more robust, cross-modality safety alignment techniques resistant to such hidden-prompt attacks.