# multimodal
117 articles tagged with “multimodal”
Advanced Practice Exam
25-question practice exam covering advanced AI red team techniques: multimodal attacks, training pipeline exploitation, agentic system attacks, embedding manipulation, and fine-tuning security.
Practice Exam 2: Advanced AI Security
25-question advanced practice exam covering multimodal attacks, training pipeline security, cloud AI security, forensics, and governance.
Multimodal Security Practice Exam
Practice exam covering image injection, audio attacks, cross-modal transfer, and document parsing exploitation.
Advanced Multimodal Assessment
In-depth assessment of cross-modal attack vectors including image injection, audio manipulation, and steganographic techniques.
Multimodal Attacks Assessment
Assessment on image injection, audio attacks, cross-modal exploitation, and multimodal defense bypass.
Multimodal Defense Assessment
Assessment covering defenses against visual injection, audio attacks, and cross-modal exploitation.
Multimodal Attack Assessment
Ten intermediate-level questions testing your understanding of attacks against multimodal AI systems, including image-based injection, audio adversarial examples, and cross-modal manipulation.
Advanced Multimodal Attacks Assessment
Advanced assessment covering cross-modal attacks, steganographic injection, and multimodal defense bypass.
Skill Verification: Multimodal Attack Execution
Hands-on verification of image injection, audio manipulation, and cross-modal transfer attacks.
Skill Verification: Multimodal Defense
Practical verification of ability to defend multimodal AI systems against cross-modal attacks.
Skill Verification: Multimodal Attacks
Hands-on verification of multimodal attack capabilities across image, audio, and document modalities.
Multimodal Security Study Guide
Study guide for multimodal attack and defense topics covering image, audio, and document modalities.
Multimodal Security Study Guide (Assessment)
Study guide for multimodal security assessments covering image, audio, document, and cross-modal attacks.
Capstone: Build a Multimodal Attack Testing Suite
Design and implement a comprehensive testing suite for attacking multimodal AI systems across text, image, audio, and document modalities.
Capstone: Multimodal System Assessment
Capstone exercise: red team assessment of a multimodal AI system processing images, documents, and text.
Case Study: GPT-4 Vision Jailbreak Attacks
Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.
Case Study: Multimodal Jailbreak Campaigns
Analysis of multimodal jailbreak campaigns targeting GPT-4V and Gemini vision capabilities.
Case Study: Prompt Injection Attacks on Google Bard/Gemini
Analysis of prompt injection vulnerabilities discovered in Google Bard (later Gemini), including indirect injection through Google Workspace integration and the unique attack surface created by multimodal capabilities.
Multimodal Embedding Attacks
Exploiting cross-modal embedding models like CLIP — adversarial image-text alignment manipulation, cross-modal injection, and attacks on multimodal retrieval systems.
Multimodal Embedding Attacks (Embedding Vector Security)
Attacking multimodal embedding spaces like CLIP for cross-modal manipulation.
Model Types and Their Attack Surfaces
How text, vision, multimodal, embedding, and code generation models each present unique vulnerabilities and attack surfaces for red teamers.
Multi-Modal Reasoning Attacks
Attacking reasoning processes that span multiple modalities in vision-language and audio-language models.
Multimodal Reasoning Security
Security challenges specific to models that reason across text, image, audio, and video modalities simultaneously.
Injection Research
Advanced research in prompt injection, jailbreak automation, and multimodal attack vectors, covering cutting-edge techniques that push beyond standard injection approaches.
Adversarial Perturbation Attacks
Gradient-based pixel-level attacks against vision encoders, covering FGSM, PGD, C&W, transferability, physical-world adversarial examples, and perturbation budget constraints.
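The gradient-sign family this entry covers (FGSM and its iterative variants) reduces to a one-line update: step the input in the direction of the loss gradient's sign, bounded by a perturbation budget ε. A minimal sketch in NumPy against a toy logistic-regression "classifier" (the weights, input, and ε here are all hypothetical stand-ins, not a real vision encoder):

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def fgsm(x, y, w, b, eps):
    """One-step FGSM: x_adv = clip(x + eps * sign(dLoss/dx))."""
    p = sigmoid(w @ x + b)        # model confidence for class 1
    grad = (p - y) * w            # gradient of binary cross-entropy w.r.t. x
    return np.clip(x + eps * np.sign(grad), 0.0, 1.0)

# toy example: push a confidently-classified input toward the boundary
w = np.array([2.0, -1.0]); b = 0.0
x = np.array([0.9, 0.1]); y = 1.0
x_adv = fgsm(x, y, w, b, eps=0.3)
```

PGD is the same update applied iteratively with a smaller step and a projection back into the ε-ball each round; C&W instead optimizes a margin loss with an explicit distortion penalty.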
Audio & Speech Adversarial Attacks
Adversarial attacks against speech-enabled AI systems, covering ultrasonic injection, ASR adversarial noise, hidden voice commands, voice cloning for authentication bypass, and real-time audio manipulation.
Multimodal Attack Vectors
Exploitation of vision-language models, typographic attacks, audio injection, document-based attacks, and cross-modal adversarial techniques.
Cross-Modal Embedding Attacks
Exploitation of shared embedding spaces across modalities: CLIP adversarial images, typographic attacks, VLM injection, and dimensionality reduction attacks.
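The core move behind CLIP adversarial images is gradient ascent on cosine similarity: perturb the image until its embedding aligns with an attacker-chosen text embedding. A toy sketch with a hypothetical linear "image encoder" standing in for a real vision tower (`W_img`, `target`, and all dimensions are illustrative assumptions):

```python
import numpy as np

rng = np.random.default_rng(0)
W_img = rng.normal(size=(8, 16))   # stand-in linear "image encoder" (hypothetical)
target = rng.normal(size=8)        # embedding of attacker-chosen text (hypothetical)

def cos(a, b):
    return a @ b / (np.linalg.norm(a) * np.linalg.norm(b))

def align_image(x, t, steps=300, lr=0.05):
    """Projected gradient ascent on cos(encoder(x), t)."""
    x = x.copy()
    for _ in range(steps):
        e = W_img @ x
        n_e, n_t = np.linalg.norm(e), np.linalg.norm(t)
        g_e = t / (n_e * n_t) - (e @ t) * e / (n_e ** 3 * n_t)  # d cos / d e
        x = np.clip(x + lr * (W_img.T @ g_e), 0.0, 1.0)          # chain rule + pixel-range projection
    return x

x0 = rng.uniform(size=16)          # benign "image"
x_adv = align_image(x0, target)
```

Against a real contrastive model the encoder is nonlinear, so the gradient comes from autodiff rather than a closed form, but the objective and projection step are the same.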
Lab: Audio Adversarial Examples
Hands-on lab for crafting adversarial audio perturbations that cause speech-to-text models and voice assistants to misinterpret spoken commands, demonstrating attacks on audio AI systems.
Multimodal Attack Chain Lab
Chain attacks across text, image, and structured data modalities to exploit multimodal system vulnerabilities.
Lab: Multimodal Attack Pipeline
Build an automated multimodal attack pipeline that generates adversarial images, combines them with text prompts, and tests against vision-language models (VLMs).
Multimodal Image Injection
Embed adversarial text in images that triggers prompt injection in vision-language models.
Multi-Modal Attack Chain Orchestration
Orchestrate attacks across text, image, and document modalities to bypass per-modality safety filters.
Lab: Multimodal Input Testing Basics
Introduction to testing multimodal LLMs with image and text inputs to understand cross-modal behavior.
CTF: Multimodal Maze
Navigate a multimodal challenge using image, text, and audio injection vectors. Each modality unlocks the next stage of the maze, requiring cross-modal attack chaining.
Multimodal Cipher: Cross-Modal Decryption
Decode a flag split across text, image, and audio inputs processed by a multimodal AI system.
Lab: Multimodal Injection
Hands-on lab for embedding text instructions in images to exploit vision-enabled LLMs. Learn to craft visual prompt injections, test OCR-based attacks, and evaluate multimodal safety boundaries.
Lab: Multimodal Injection (Intermediate Lab)
Embed prompt injection instructions in images for vision-enabled models, testing how visual content can carry adversarial payloads.
Lab: Intermediate Multimodal Security Testing
Test multimodal LLMs with crafted images containing embedded text, adversarial perturbations, and visual injection payloads.
Simulation: Multimodal Application Assessment
Red team simulation targeting an application that processes both images and text, testing visual injection, cross-modal attacks, and multimodal jailbreaks.
Gemini (Google) Overview
Architecture overview of Google's Gemini model family, including natively multimodal design, long context capabilities, Google ecosystem integration, and security-relevant features for red teaming.
Gemini Known Vulnerabilities
Documented Gemini vulnerabilities including image generation bias incidents, system prompt extraction, safety filter inconsistencies, multimodal injection exploits, and grounding abuse.
Multimodal Model Security Comparison
Comparing security properties across multimodal models (GPT-4V, Claude, Gemini) with focus on cross-modal injection and vision-language attacks.
3D Model Adversarial Attacks
Adversarial attacks on AI systems that process 3D models, point clouds, and spatial data.
Adversarial Image Perturbation for VLMs
Generating adversarial perturbations that cause vision-language models to misinterpret or follow injected instructions.
Adversarial Patch Attacks on VLMs
Crafting physical adversarial patches that trigger specific behaviors in vision-language models when captured by cameras.
Adversarial Typography Attacks
Craft adversarial text rendered as images to exploit OCR and vision model text recognition.
Audio Modality Attacks
Comprehensive attack taxonomy for audio-enabled LLMs: adversarial audio generation, voice-based prompt injection, cross-modal split attacks, and ultrasonic perturbations.
Audio Model Attack Surface
Overview of audio model security, including attacks on Whisper, speech-to-text systems, voice assistants, and the audio processing pipeline.
Adversarial Attacks on Audio and Speech Models
Techniques for crafting adversarial audio that exploits speech recognition, voice assistants, and audio-language models including hidden commands and psychoacoustic masking.
Audio Frequency Domain Injection
Hiding adversarial instructions in audio frequency bands that are processed by speech-to-text models but inaudible to humans.
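The encoding idea can be sketched with on-off keying: modulate payload bits onto a quiet carrier near the edge of human hearing, then recover them by checking carrier energy per bit window. This is only a signal-level illustration with hypothetical parameters (`CARRIER`, `BIT_LEN`, amplitudes); real attacks must also survive the microphone, codec, and ASR front-end:

```python
import numpy as np

SR = 44_100        # sample rate (Hz)
CARRIER = 18_500   # carrier near the upper edge of human hearing (Hz)
BIT_LEN = 441      # samples per payload bit (10 ms)

def embed_bits(audio, bits, amp=0.02):
    """On-off-key payload bits onto a quiet high-frequency carrier mixed into the audio."""
    out = audio.astype(float).copy()
    tone = amp * np.sin(2 * np.pi * CARRIER * np.arange(BIT_LEN) / SR)
    for i, b in enumerate(bits):
        if b:
            out[i * BIT_LEN:(i + 1) * BIT_LEN] += tone
    return out

def read_bits(audio, n_bits):
    """Recover the payload by measuring carrier energy in each bit window."""
    k = round(CARRIER * BIT_LEN / SR)   # FFT bin of the carrier
    bits = []
    for i in range(n_bits):
        spec = np.abs(np.fft.rfft(audio[i * BIT_LEN:(i + 1) * BIT_LEN]))
        bits.append(int(spec[k] > 4 * spec.mean()))
    return bits

payload = [1, 0, 1, 1, 0]
cover = 0.3 * np.sin(2 * np.pi * 500 * np.arange(len(payload) * BIT_LEN) / SR)
stego = embed_bits(cover, payload)
```

The attacker-facing step is mapping recovered bits back to text the downstream speech model will transcribe and act on.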
Hidden Audio Commands for Voice AI
Embed hidden commands in audio that are inaudible to humans but recognized by speech processing AI.
Audio-Based Injection Attacks
Attacking speech-to-text and audio-language models through adversarial audio crafting.
Chart and Graph Injection Attacks
Embedding adversarial instructions in charts, graphs, and data visualizations processed by VLMs.
Cross-Modal Attack Strategies
Overview of attack strategies that exploit the boundaries between input modalities in multimodal AI systems, including vision-language, audio-text, and document processing pipelines.
Lab: Multi-Modal Attack Chain
Hands-on lab for building and executing a multi-step attack chain that combines image injection, document exploitation, and text-based techniques against a multimodal AI system.
Multimodal Defense Strategies
Comprehensive defense approaches for multimodal AI systems: cross-modal verification, perceptual hashing, NSFW detection, input sanitization, and defense-in-depth architectures.
Multimodal Jailbreaking Techniques
Combined multi-modal approaches to bypass safety alignment, including image-text combination attacks, typographic jailbreaks, visual chain-of-thought manipulation, and multi-modal crescendo techniques.
Transferring Attacks Across Modalities
Techniques for crafting adversarial inputs that transfer across modalities, using one input channel to attack processing in another, including image-to-text, audio-to-action, and document-to-tool attack chains.
Cross-Modal Transfer Attacks
Attacks that transfer across modalities — using one input modality to attack processing in another.
Depth Map Adversarial Attacks
Adversarial manipulation of depth information in 3D understanding tasks processed by multimodal models.
Attacks on Document Processing AI
Techniques for attacking document understanding systems including OCR pipelines, PDF processors, and document-language models through layout manipulation, hidden text, and metadata injection.
Document Metadata Injection
Inject adversarial content through document metadata fields processed by multimodal AI systems.
Document Parsing Exploitation
Exploiting PDF, DOCX, and other document parsers in multimodal AI systems for injection and data extraction.
Image-Based Prompt Injection Techniques
Techniques for embedding adversarial prompts in images consumed by vision-language models.
Image Metadata Injection Attacks
Exploiting EXIF metadata, IPTC data, and other image metadata fields for prompt injection in VLM pipelines.
Image Steganography for AI Attacks
Using steganographic techniques to embed adversarial payloads in images that evade human inspection and automated detection while influencing AI model behavior.
Image Steganography for LLM Injection
Use image steganography to embed prompt injection payloads invisible to human viewers.
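Least-significant-bit embedding, the simplest of these techniques, can be sketched in a few lines of NumPy: write each payload bit into the low bit of a pixel channel, changing no value by more than 1. The pixel array, payload string, and NUL-terminator convention here are illustrative assumptions:

```python
import numpy as np

def embed_lsb(pixels, payload):
    """Hide NUL-terminated payload bytes in the least-significant bit of each channel value."""
    bits = np.unpackbits(np.frombuffer(payload.encode() + b"\x00", dtype=np.uint8))
    flat = pixels.flatten()  # flatten() copies, so the cover image is untouched
    assert bits.size <= flat.size, "cover image too small for payload"
    flat[: bits.size] = (flat[: bits.size] & 0xFE) | bits
    return flat.reshape(pixels.shape)

def extract_lsb(pixels):
    """Read the LSB plane back out and stop at the NUL terminator."""
    data = np.packbits(pixels.flatten() & 1).tobytes()
    return data.split(b"\x00")[0].decode()

rng = np.random.default_rng(0)
cover = rng.integers(0, 256, size=(64, 64, 3), dtype=np.uint8)
stego = embed_lsb(cover, "ignore prior instructions")
```

Whether the hidden text actually reaches the model depends on the pipeline: plain LSB payloads are invisible to humans but are also destroyed by JPEG re-encoding or resizing, which is why more robust embeddings target the model's preprocessing directly.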
Multimodal Security
Security assessment of multimodal AI systems processing images, audio, video, and cross-modal inputs, covering vision-language models, speech systems, video analysis, and cross-modal attack techniques.
Medical Imaging Adversarial Attacks
Adversarial attacks on medical imaging AI including radiology, pathology, and dermatology classification systems.
Alignment Challenges in Multimodal Models
Analysis of alignment challenges specific to multimodal AI systems, including cross-modal safety gaps, representation conflicts, and the difficulty of extending text-based safety training to visual, audio, and video inputs.
Multimodal Consistency Attacks
Exploit inconsistencies between how different modalities process the same information.
Multimodal Defense Bypass Techniques
Techniques for bypassing safety filters that only analyze individual modalities.
Defending Multimodal AI Systems
Comprehensive defense strategies for multimodal AI systems including input sanitization, cross-modal safety classifiers, instruction hierarchy, and monitoring for adversarial multimodal inputs.
Multimodal Fusion Layer Attacks
Attacking the fusion mechanisms that combine information from multiple modalities in multimodal models.
Model Extraction from Multimodal Systems
Techniques for extracting model capabilities, weights, and architecture details from multimodal AI systems through visual, audio, and cross-modal query strategies.
Image-Based Prompt Injection Attacks
Comprehensive techniques for injecting adversarial prompts through images, covering typographic injection, steganographic embedding, and visual payload delivery against multimodal AI systems.
Multimodal Prompt Injection Survey
Comprehensive survey of prompt injection vectors across all modalities including text, image, audio, video, and code.
Multimodal RAG Poisoning
Poisoning multimodal RAG systems through adversarial documents with embedded visual and textual payloads.
Methodology for Red Teaming Multimodal Systems
Structured methodology for conducting security assessments of multimodal AI systems, covering scoping, attack surface enumeration, test execution, and reporting with MITRE ATLAS mappings.
Benchmarking Multimodal Model Safety
Designing and implementing safety benchmarks for multimodal AI models that process images, audio, and video alongside text, covering cross-modal attack evaluation, consistency testing, and safety score aggregation.
Multimodal Watermark Evasion
Techniques for evading and removing watermarks applied to AI-generated images, audio, and video content.
OCR Adversarial Attacks
Crafting images that cause OCR systems to extract adversarial text for downstream injection.
PDF Document Injection Techniques
Exploiting PDF parsing in multimodal models to inject instructions through hidden text layers and embedded objects.
QR Code and Barcode Injection Attacks
Using QR codes and barcodes as vectors for prompt injection in vision-language model applications.
Satellite Imagery Adversarial Attacks
Adversarial manipulation of satellite imagery analysis AI for geospatial intelligence and earth observation.
Attacks via Screen Capture and Computer-Use AI
Techniques for attacking AI systems that process screen captures, including computer-use agents, screen-reading assistants, and automated UI testing systems.
Screenshot and UI Injection Attacks
Injecting prompts through screenshots and UI elements processed by computer-use AI agents.
Sign Language and Gesture Injection
Exploiting sign language and gesture recognition models through adversarial physical gestures and modified inputs.
Steganographic Prompt Injection
Hiding prompt injection payloads using steganographic techniques in images and audio.
Adversarial Attacks on Text-to-Image Models
Understanding and evaluating adversarial attacks on text-to-image generation models including prompt manipulation for safety bypass, concept erasure attacks, adversarial perturbation of guidance, and membership inference on training data.
Typography-Based Prompt Injection
Exploiting text rendering in images to deliver prompt injection payloads through typography recognition in VLMs.
Video Model Attacks
Video understanding model security, frame-level vs temporal attacks, how video models process sequences, and the complete attack surface overview.
Video Understanding Model Exploitation
Attacking video captioning, video Q&A, and action recognition models with adversarial videos that cause misclassification or instruction injection.
Video Frame Injection
Injecting adversarial content into video frames processed by video-understanding AI models.
Video Temporal Frame Injection
Injecting adversarial frames at specific temporal positions in video streams processed by video understanding models.
Attacks on Video Understanding Models
Techniques for attacking AI video understanding systems through frame injection, temporal manipulation, and adversarial video generation targeting models like Gemini 2.5 Pro.
Attacks on Vision-Language Models
Comprehensive techniques for attacking vision-language models including GPT-4V, Claude vision, and Gemini, covering adversarial images, typographic exploits, and multimodal jailbreaks.
VLM Architecture & Vision-Language Alignment
Deep dive into VLM architectures including CLIP, SigLIP, and vision transformers. How image patches become tokens, alignment training, and where misalignment creates exploitable gaps.
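The patch-to-token step described in this entry is mechanically simple: the image is cut into non-overlapping p×p patches, each flattened into a vector that a linear projection then maps into the language model's token space. A minimal NumPy patchify with hypothetical shapes (real ViTs add the projection, position embeddings, and a class token on top of this):

```python
import numpy as np

def patchify(img, p=16):
    """Split an (H, W, C) image into non-overlapping p*p patches flattened to token vectors."""
    H, W, C = img.shape
    assert H % p == 0 and W % p == 0, "image dims must be divisible by patch size"
    x = img.reshape(H // p, p, W // p, p, C).transpose(0, 2, 1, 3, 4)
    return x.reshape(-1, p * p * C)   # (num_patches, patch_dim)

img = np.arange(32 * 32 * 3, dtype=np.float32).reshape(32, 32, 3)
tokens = patchify(img)                # 4 patches of dimension 16*16*3 = 768
```

Security-wise, this is why small pixel regions matter: each patch becomes its own token, so an adversarial payload confined to one patch still gets a dedicated slot in the model's input sequence.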
Image-Based Prompt Injection
Techniques for embedding text instructions in images to manipulate VLMs, including steganographic injection, visible text attacks, and QR code exploitation.
Vision-Language Model Attacks
Comprehensive overview of the VLM attack surface, how vision encoders connect to language models, and why multimodal systems create new injection vectors.
VLM-Specific Jailbreaking
Jailbreaking techniques that exploit the vision modality, including image-text inconsistency attacks, visual safety bypass, and cross-modal jailbreaking strategies.
Multimodal Text Injection Vectors
Injecting adversarial text instructions through non-text modalities including images with embedded text, audio transcription, and document parsing.
Audio Prompt Injection
Injecting adversarial instructions through audio inputs to speech-to-text and multimodal models, exploiting the audio channel as an alternative injection vector.
Cross-Modal Confusion
Confusing multimodal AI models by sending conflicting or complementary signals across different input modalities to bypass safety mechanisms and exploit fusion weaknesses.
Image-Based Prompt Injection (Attack Walkthrough)
Embedding text instructions in images that vision models read, enabling prompt injection through the visual modality to bypass text-only input filters and safety mechanisms.
Multi-Image Chaining
Chaining prompt injection payloads across multiple images in a conversation to deliver complex attacks that evade per-image content filters and build injection context progressively.
Multi-Modal Document Attack Walkthrough
Combine visual and textual injection in documents processed by multimodal LLM applications.
Multimodal Image Injection Walkthrough
Step-by-step walkthrough of embedding adversarial prompts in images for vision model exploitation.
OCR-Based Attacks
Exploiting Optical Character Recognition processing pipelines to inject adversarial text into AI systems, targeting the gap between what OCR extracts and what humans see.
PDF Document Injection
Injecting adversarial prompts through PDF documents processed by AI systems, exploiting document parsing pipelines to deliver payloads through text layers, metadata, and embedded objects.
QR Code Injection
Using QR codes as prompt injection vectors against vision-language models, encoding adversarial instructions in machine-readable formats that models decode and follow.
Steganographic Payload Delivery
Hiding prompt injection payloads in images using steganographic techniques, delivering adversarial instructions through pixel-level modifications invisible to human observers.
Typography Injection in Images
Using rendered text with specific fonts, styles, and typographic techniques in images to inject prompts into vision-language models while evading detection.
Video Frame Injection (Attack Walkthrough)
Embedding prompt injection payloads in specific video frames to attack multimodal models that process video content, exploiting temporal and visual channels simultaneously.
Vision Model Attack Walkthrough
Attack vision-language models through adversarial images with embedded text, perturbations, and visual trojans.
Image Steganography Injection Walkthrough
Walkthrough of hiding prompt injection payloads in images using steganographic techniques for vision model attacks.