Soft Prompts Go Hard: Steering Visual Language Models with Hidden Meta-Instructions

Add code
Jul 12, 2024
Tingwei Zhang, Collin Zhang, John X. Morris, Eugene Bagdasaryan, Vitaly Shmatikov
Figure 1 for Soft Prompts Go Hard: Steering Visual Language Models with Hidden Meta-Instructions
Figure 2 for Soft Prompts Go Hard: Steering Visual Language Models with Hidden Meta-Instructions
Figure 3 for Soft Prompts Go Hard: Steering Visual Language Models with Hidden Meta-Instructions
Figure 4 for Soft Prompts Go Hard: Steering Visual Language Models with Hidden Meta-Instructions

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We introduce a new type of indirect injection vulnerabilities in language models that operate on images: hidden "meta-instructions" that influence how the model interprets the image and steer the model's outputs to express an adversary-chosen style, sentiment, or point of view. We explain how to create meta-instructions by generating images that act as soft prompts. Unlike jailbreaking attacks and adversarial examples, the outputs resulting from these images are plausible and based on the visual content of the image, yet follow the adversary's (meta-)instructions. We describe the risks of these attacks, including misinformation and spin, evaluate their efficacy for multiple visual language models and adversarial meta-objectives, and demonstrate how they can "unlock" the capabilities of the underlying language models that are unavailable via explicit text instructions. Finally, we discuss defenses against these attacks.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon