{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2024:GFO34OPZFUXF2Q2VUUHNCWVG77","short_pith_number":"pith:GFO34OPZ","schema_version":"1.0","canonical_sha256":"315dbe39f92d2e5d4355a50ed15aa6ffd02460c8281a0666af934f6e1e33ac43","source":{"kind":"arxiv","id":"2402.00626","version":3},"attestation_state":"computed","paper":{"title":"Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CR","cs.LG"],"primary_cat":"cs.CV","authors_text":"Bryan A. Plummer, Kate Saenko, Maan Qraitem, Nazia Tasnim, Piotr Teterwak","submitted_at":"2024-02-01T14:41:20Z","abstract_excerpt":"Typographic attacks, adding misleading text to images, can deceive vision-language models (LVLMs). The susceptibility of recent large LVLMs like GPT4-V to such attacks is understudied, raising concerns about amplified misinformation in personal assistant applications. Previous attacks use simple strategies, such as random misleading words, which don't fully exploit LVLMs' language reasoning abilities. We introduce an experimental setup for testing typographic attacks on LVLMs and propose two novel self-generated attacks: (1) Class-based attacks, where the model identifies a similar class to de"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2402.00626","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CV","submitted_at":"2024-02-01T14:41:20Z","cross_cats_sorted":["cs.CR","cs.LG"],"title_canon_sha256":"fec20d6827efbfaf8799805b727fe2f192e272fd33bbc2d085a82cbdfd6a0018","abstract_canon_sha256":"5105e0c3c85f7456ec6180c371efb376190dbb9783720ee987167ad6efc37596"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T10:13:38.519325Z","signature_b64":"xj43AS1h+9ZQ06VggfVPRmBFt5Ei9cLlN5SleHm09Kx71sFYWWCpdVVwFKrMeebQ+fbKtMVnDFdNnIeMKE3ODw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"315dbe39f92d2e5d4355a50ed15aa6ffd02460c8281a0666af934f6e1e33ac43","last_reissued_at":"2026-07-05T10:13:38.518832Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T10:13:38.518832Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CR","cs.LG"],"primary_cat":"cs.CV","authors_text":"Bryan A. Plummer, Kate Saenko, Maan Qraitem, Nazia Tasnim, Piotr Teterwak","submitted_at":"2024-02-01T14:41:20Z","abstract_excerpt":"Typographic attacks, adding misleading text to images, can deceive vision-language models (LVLMs). The susceptibility of recent large LVLMs like GPT4-V to such attacks is understudied, raising concerns about amplified misinformation in personal assistant applications. Previous attacks use simple strategies, such as random misleading words, which don't fully exploit LVLMs' language reasoning abilities. We introduce an experimental setup for testing typographic attacks on LVLMs and propose two novel self-generated attacks: (1) Class-based attacks, where the model identifies a similar class to de"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2402.00626","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2402.00626/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2402.00626","created_at":"2026-07-05T10:13:38.518890+00:00"},{"alias_kind":"arxiv_version","alias_value":"2402.00626v3","created_at":"2026-07-05T10:13:38.518890+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2402.00626","created_at":"2026-07-05T10:13:38.518890+00:00"},{"alias_kind":"pith_short_12","alias_value":"GFO34OPZFUXF","created_at":"2026-07-05T10:13:38.518890+00:00"},{"alias_kind":"pith_short_16","alias_value":"GFO34OPZFUXF2Q2V","created_at":"2026-07-05T10:13:38.518890+00:00"},{"alias_kind":"pith_short_8","alias_value":"GFO34OPZ","created_at":"2026-07-05T10:13:38.518890+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":4,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2607.01518","citing_title":"Overthink-Triggered Slowdown Attacks on LVLM-Based Robotic Systems","ref_index":30,"is_internal_anchor":false},{"citing_arxiv_id":"2502.05206","citing_title":"Safety at Scale: A Comprehensive Survey of Large Model and Agent Safety","ref_index":294,"is_internal_anchor":false},{"citing_arxiv_id":"2604.03995","citing_title":"A Systematic Study of Cross-Modal Typographic Attacks on Audio-Visual Reasoning","ref_index":9,"is_internal_anchor":false},{"citing_arxiv_id":"2605.11716","citing_title":"SafeSteer: A Decoding-level Defense Mechanism for Multimodal Large Language Models","ref_index":47,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77","json":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77.json","graph_json":"https://pith.science/api/pith-number/GFO34OPZFUXF2Q2VUUHNCWVG77/graph.json","events_json":"https://pith.science/api/pith-number/GFO34OPZFUXF2Q2VUUHNCWVG77/events.json","paper":"https://pith.science/paper/GFO34OPZ"},"agent_actions":{"view_html":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77","download_json":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77.json","view_paper":"https://pith.science/paper/GFO34OPZ","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2402.00626&json=true","fetch_graph":"https://pith.science/api/pith-number/GFO34OPZFUXF2Q2VUUHNCWVG77/graph.json","fetch_events":"https://pith.science/api/pith-number/GFO34OPZFUXF2Q2VUUHNCWVG77/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77/action/timestamp_anchor","attest_storage":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77/action/storage_attestation","attest_author":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77/action/author_attestation","sign_citation":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77/action/citation_signature","submit_replication":"https://pith.science/pith/GFO34OPZFUXF2Q2VUUHNCWVG77/action/replication_record"}},"created_at":"2026-07-05T10:13:38.518890+00:00","updated_at":"2026-07-05T10:13:38.518890+00:00"}