Overview
Severity: HIGH | Affected: Multimodal LLMs | Category: research
A new paper published by researchers from Carnegie Mellon University introduces a novel jailbreak technique called 'Semantic Splicing'. The attack bypasses safety filters on multimodal large language models by embedding harmful instructions within the imperceptible semantic layers of an image, which are then processed alongside an innocuous text prompt. For instance, a query to generate a children's story can be combined with an image that has been subtly altered to encode a request for phishing email content. The model processes the combined inputs, with the visual data overriding the text-based safety alignment. This method has proven effective against several state-of-the-art models, including Google's Gemini 2.5 and OpenAI's GPT-5, achieving a success rate of over 85% in red-teaming trials. The research exposes a fundamental vulnerability in how models fuse and interpret multimodal inputs, requiring a complete rethink of alignment strategies for vision-language models.