Go to ICLR 2026 Conference homepageSafeguarding Vision-Language Models via Dynamic Token Reweighting
Keywords: Vision Language Models, Jailbreak Attack, KV Optimization
TL;DR: We present a novel VLM defense method that dynamically reweights visual tokens during inference, blocking multimodal jailbreak attacks while keeping benign task performance intact.
Abstract: Large vision-language models (VLMs) are highly vulnerable to jailbreak attacks that exploit visual-textual interactions to bypass safety guardrails. In this paper, we present DTR, a novel inference-time defense that mitigates multimodal jailbreak attacks through optimizing the model's key-value (KV) caches. Rather than relying on curated safety-specific data or costly image-to-text conversion, we introduce a new formulation of the safety-relevant distributional shift induced by the visual modality. This formulation enables DTR to dynamically adjust visual token weights, minimizing the impact of adversarial visual inputs while preserving the model's general capabilities and inference efficiency. Extensive evaluation across diverse VLMs and attack benchmarks demonstrates that \sys outperforms existing defenses in both attack robustness and benign task performance, marking the first successful application of KV cache optimization for safety enhancement in multimodal foundation models. The code for replicating DTR is available: https://anonymous.4open.science/r/DTR-2755 (warning: this paper contains potentially harmful content generated by VLMs.)
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 17153
Loading