This study addresses the privacy risks posed by user-uploaded visual data in multimodal large language model (MLLM) cloud services, presenting the first systematic investigation of visual privacy protection under black-box settings. The work proposes a Pareto-optimal learning objective to achieve a theoretically grounded trade-off between privacy preservation and model utility, alongside a key-history-augmented optimization strategy tailored to the interaction constraints of black-box MLLMs. Experimental results demonstrate that the proposed method significantly outperforms existing approaches across multiple benchmark datasets, maintaining strong task performance even under stringent privacy guarantees.

The emergence of Multimodal Large Language Models (MLLMs) and the widespread usage of MLLM cloud services such as GPT-4V raised great concerns about privacy leakage in visual data. As these models are typically deployed in cloud services, users are required to submit their images and videos, posing serious privacy risks. However, how to tackle such privacy concerns is an under-explored problem. Thus, in this paper, we aim to conduct a new investigation to protect visual privacy when enjoying the convenience brought by MLLM services. We address the practical case where the MLLM is a "black box", i.e., we only have access to its input and output without knowing its internal model information. To tackle such a challenging yet demanding problem, we propose a novel framework, in which we carefully design the learning objective with Pareto optimality to seek a better trade-off between visual privacy and MLLM's performance, and propose critical-history enhanced optimization to effectively optimize the framework with the black-box MLLM. Our experiments show that our method is effective on different benchmarks.