pith. sign in

arxiv: 2402.00626 · v3 · pith:GFO34OPZnew · submitted 2024-02-01 · 💻 cs.CV · cs.CR· cs.LG

Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks

classification 💻 cs.CV cs.CRcs.LG
keywords attackslvlmstypographicclassdeceivemisleadingmodelsself-generated
0
0 comments X
read the original abstract

Typographic attacks, adding misleading text to images, can deceive vision-language models (LVLMs). The susceptibility of recent large LVLMs like GPT4-V to such attacks is understudied, raising concerns about amplified misinformation in personal assistant applications. Previous attacks use simple strategies, such as random misleading words, which don't fully exploit LVLMs' language reasoning abilities. We introduce an experimental setup for testing typographic attacks on LVLMs and propose two novel self-generated attacks: (1) Class-based attacks, where the model identifies a similar class to deceive itself, and (2) Reasoned attacks, where an advanced LVLM suggests an attack combining a deceiving class and description. Our experiments show these attacks significantly reduce classification performance by up to 60\% and are effective across different models, including InstructBLIP and MiniGPT4. Code: https://github.com/mqraitem/Self-Gen-Typo-Attack

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 4 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Overthink-Triggered Slowdown Attacks on LVLM-Based Robotic Systems

    cs.CR 2026-07 unverdicted novelty 6.0

    Adversaries can use crafted scene text to trigger overthinking in LVLM-based robots, producing transferable slowdowns up to 6.96x latency amplification.

  2. SafeSteer: A Decoding-level Defense Mechanism for Multimodal Large Language Models

    cs.AI 2026-05 unverdicted novelty 6.0

    SafeSteer improves safety in multimodal large language models by up to 33.4% via a decoding probe and modal alignment vector without any fine-tuning.

  3. A Systematic Study of Cross-Modal Typographic Attacks on Audio-Visual Reasoning

    cs.CV 2026-04 unverdicted novelty 6.0

    Coordinated multi-modal typographic attacks on MLLMs achieve 83.43% success rate versus 34.93% for single-modality attacks.

  4. Safety at Scale: A Comprehensive Survey of Large Model and Agent Safety

    cs.CR 2025-02 unverdicted novelty 2.0

    A comprehensive survey that taxonomizes safety threats to large models and agents, reviews defenses and benchmarks, and outlines open challenges.