Go to ACL ARR 2025 May homepagePhi: Preference Hijacking in Multi-modal Large Language Models at Inference Time
Abstract: Recently, Multimodal Large Language Models (MLLMs) have gained significant attention across various domains. However, their widespread adoption has also raised serious safety concerns.
In this paper, we uncover a new safety risk of MLLMs: the output preference of MLLMs can be arbitrarily manipulated by carefully optimized images. Such attacks often generate contextually relevant yet biased responses that are neither overtly harmful nor unethical, making them difficult to detect. Specifically, we introduce a novel method, **P**reference **Hi**jacking (**Phi**), for manipulating the MLLM response preferences using a preference hijacked image. Our method works at inference time and requires no model modifications. Additionally, we introduce a universal hijacking perturbation -- a transferable component that can be embedded into different images to hijack MLLM responses toward any attacker-specified preferences. Experimental results across various tasks demonstrate the effectiveness of our approach.
Paper Type: Long
Research Area: Interpretability and Analysis of Models for NLP
Research Area Keywords: Multi-modal Large Language Models, Model Preference, Model Safety
Contribution Types: Model analysis & interpretability
Languages Studied: English
Submission Number: 3621
Loading