🤖 AI Summary
Vision-language models (VLMs) exhibit critical security vulnerabilities to text prompt injection attacks in open-ended interactive settings. Method: We propose a lightweight, efficient, and generalizable attack method that synergistically combines prompt engineering with adversarial input construction—requiring no model gradients or fine-tuning, and relying solely on carefully crafted textual instructions jointly perturbed with image context to mislead mainstream VLMs (e.g., LLaVA, Qwen-VL). Contribution/Results: Our approach achieves significantly higher attack success rates across multi-task benchmarks—averaging a 12.7% improvement over state-of-the-art baselines—while maintaining sub-0.8-second per-attack latency and reducing GPU memory consumption by over 60%. This work constitutes the first systematic empirical demonstration of VLMs’ susceptibility to pure-text prompt injection under realistic open-world interaction protocols, thereby establishing a foundational benchmark and technical reference for future robustness modeling and defensive mechanism design.
📝 Abstract
The widespread application of large vision language models has significantly raised safety concerns. In this project, we investigate text prompt injection, a simple yet effective method to mislead these models. We developed an algorithm for this type of attack and demonstrated its effectiveness and efficiency through experiments. Compared to other attack methods, our approach is particularly effective for large models without high demand for computational resources.