Security News > 2023 > July > Indirect Instruction Injection in Multi-Modal LLMs
Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.
When the user asks the model about the perturbed image or audio, the perturbation steers the model to output the attacker-chosen text and/or make the subsequent dialog follow the attacker's instruction.
We illustrate this attack with several proof-of-concept examples targeting LLaVa and PandaGPT..