๐ค AI Summary
This study addresses the vulnerability of vision-language models (VLMs) in content moderation to ASCII art jailbreak attacks, which enable harmful text to evade detection. The authors systematically evaluate eight state-of-the-art VLMs on EnglishโChinese bilingual corpora across eight ASCII art construction types, conducting experiments at ten image resolution levels. They reveal, for the first time, a consistent resolution failure threshold across multilingual and multi-construction settings: beyond this threshold, detection rates drop sharply. Notably, embedding-based ASCII constructions prove most resistant to recognition, effectively bypassing detection across all resolution levels. These findings expose a systemic weakness in current content moderation systems that rely on VLMs, highlighting critical limitations in their robustness against visually obfuscated adversarial inputs.
๐ Abstract
Large Vision-Language Models (VLMs) are increasingly deployed as content moderation tools, yet they remain vulnerable to jailbreak attacks in which harmful text is visually encoded as ASCII art. This can allow inappropriate or harmful content to bypass moderation systems. To address this vulnerability, this paper investigates how image resolution affects VLM detection of harmful ASCII art across eight character construction modes (L1-L8), ranging from dense block characters to word-embedded designs. We evaluate eight state-of-the-art VLMs on English and Chinese corpora using a pipeline that generates ASCII art images at ten resolution scales, probing whether a consistent detection-failure threshold exists across models, modes, and languages. Results indicate that detection rates decline sharply above certain resolution thresholds, and that word-based modes are the most resistant to detection across the full resolution range. These findings reveal a systematic vulnerability in VLM-based content moderation systems and motivate resolution-aware evaluation standards.