This work addresses critical vulnerabilities in multimodal large language models (MLLMs) regarding visual safety alignment, demonstrating their inability to effectively mitigate harmful image generation. The authors propose the BVS framework, which introduces a novel “reconstruction-generation” strategy that neutralizes malicious visual content through semantic decoupling—achieved by disentangling adversarial intent from the original input via neutral visual stitching and inductive recombination. Coupled with multimodal prompt injection, this approach successfully bypasses the safety mechanisms of state-of-the-art MLLMs using semantically irrelevant inputs. Experiments on GPT-5 (January 12, 2026 version) achieve a jailbreak success rate of 98.21%, exposing profound weaknesses in current visual safety defenses and establishing a new benchmark and perspective for research in multimodal alignment security.

The rapid advancement of Multimodal Large Language Models (MLLMs) has introduced complex security challenges, particularly at the intersection of textual and visual safety. While existing schemes have explored the security vulnerabilities of MLLMs, the investigation into their visual safety boundaries remains insufficient. In this paper, we propose Beyond Visual Safety (BVS), a novel image-text pair jailbreaking framework specifically designed to probe the visual safety boundaries of MLLMs. BVS employs a"reconstruction-then-generation"strategy, leveraging neutralized visual splicing and inductive recomposition to decouple malicious intent from raw inputs, thereby leading MLLMs to be induced into generating harmful images. Experimental results demonstrate that BVS achieves a remarkable jailbreak success rate of 98.21\% against GPT-5 (12 January 2026 release). Our findings expose critical vulnerabilities in the visual safety alignment of current MLLMs.