# multimodal

practice-examadvancedmultimodaltraining-pipelinecloud-aiforensicsgovernance

Practice Exam 2: Advanced AI Security

25-question advanced practice exam covering multimodal attacks, training pipeline security, cloud AI security, forensics, and governance.

practice-exammultimodalvlm

Multimodal Security Practice Exam

Practice exam covering image injection, audio attacks, cross-modal transfer, and document parsing exploitation.

assessmentmultimodalcross-modal

Advanced Multimodal Assessment

In-depth assessment of cross-modal attack vectors including image injection, audio manipulation, and steganographic techniques.

assessmentsmultimodalattacksexam

Multimodal Attacks Assessment

Assessment on image injection, audio attacks, cross-modal exploitation, and multimodal defense bypass.

assessmentssectiondefensemultimodalassessment

Multimodal Defense Assessment

Assessment covering defenses against visual injection, audio attacks, and cross-modal exploitation.

assessmentmultimodalvisionaudiocross-modal-attacks

Multimodal Attack Assessment

Test your understanding of attacks against multimodal AI systems, including image-based injection, audio adversarial examples, and cross-modal manipulation with 10 intermediate-level questions.

assessmentsmultimodaladvancedexam

Advanced Multimodal Attacks Assessment

Advanced assessment covering cross-modal attacks, steganographic injection, and multimodal defense bypass.

skill-verificationmultimodalcross-modal

Skill Verification: Multimodal Attack Execution

Hands-on verification of image injection, audio manipulation, and cross-modal transfer attacks.

assessmentsdefensemultimodalverifyskill

Skill Verification: Multimodal Defense

Practical verification of ability to defend multimodal AI systems against cross-modal attacks.

assessmentsskill-verificationmultimodalpractical

Skill Verification: Multimodal Attacks

Hands-on verification of multimodal attack capabilities across image, audio, and document modalities.

assessmentssecurityguidestudymultimodal

Multimodal Security Study Guide

Study guide for multimodal attack and defense topics covering image, audio, and document modalities.

assessmentsstudy-guidemultimodalprep

Multimodal Security Study Guide (Assessment)

Study guide for multimodal security assessments covering image, audio, document, and cross-modal attacks.

capstonemultimodalattackvisionadversarial

Capstone: Build a Multimodal Attack Testing Suite

Design and implement a comprehensive testing suite for attacking multimodal AI systems across text, image, audio, and document modalities.

capstonemultimodalassessmentfull

Capstone: Multimodal System Assessment

Capstone exercise: red team assessment of a multimodal AI system processing images, documents, and text.

case-studiesgpt-4vmultimodalvisionjailbreakadversarial-images

Case Study: GPT-4 Vision Jailbreak Attacks

Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.

case-studiesmultimodaljailbreakscampaigns

Case Study: Multimodal Jailbreak Campaigns

Analysis of multimodal jailbreak campaigns targeting GPT-4V and Gemini vision capabilities.

case-studiesgooglebardgeminiprompt-injectionmultimodal

Case Study: Prompt Injection Attacks on Google Bard/Gemini

Analysis of prompt injection vulnerabilities discovered in Google Bard (later Gemini), including indirect injection through Google Workspace integration and the unique attack surface created by multimodal capabilities.

multimodalclipcross-modalimage-embeddingsadversarial-attacks

Multimodal Embedding Attacks

Exploiting cross-modal embedding models like CLIP — adversarial image-text alignment manipulation, cross-modal injection, and attacks on multimodal retrieval systems.

embeddingmultimodalattacksclip

Multimodal Embedding Attacks (Embedding Vector Security)

Attacking multimodal embedding spaces like CLIP for cross-modal manipulation.

model-typesattack-surfacemultimodalcode-generationbeginner

Model Types and Their Attack Surfaces

How text, vision, multimodal, embedding, and code generation models each present unique vulnerabilities and attack surfaces for red teamers.

frontier-researchmultimodalreasoningattacks

Multi-Modal Reasoning Attacks

Attacking reasoning processes that span multiple modalities in vision-language and audio-language models.

frontiermultimodalreasoning

Multimodal Reasoning Security

Security challenges specific to models that reason across text, image, audio, and video modalities simultaneously.

injectionprompt-injectionjailbreaksmultimodalresearchautomation

Injection Research

Advanced research in prompt injection, jailbreak automation, and multimodal attack vectors, covering cutting-edge techniques that push beyond standard injection approaches.

adversarial-perturbationsvision-encoderFGSMPGDtransferabilityVLMmultimodal

Adversarial Perturbation Attacks

Gradient-based pixel-level attacks against vision encoders, covering FGSM, PGD, C&W, transferability, physical-world adversarial examples, and perturbation budget constraints.

audio-adversarialultrasonicASRvoice-cloninghidden-commandsspeech-to-textmultimodal

Audio & Speech Adversarial Attacks

Adversarial attacks against speech-enabled AI systems, covering ultrasonic injection, ASR adversarial noise, hidden voice commands, voice cloning for authentication bypass, and real-time audio manipulation.

multimodalVLMtypographic-attacksaudio-injectiondocument-attacksvision

Multimodal Attack Vectors

Exploitation of vision-language models, typographic attacks, audio injection, document-based attacks, and cross-modal adversarial techniques.

CLIPmultimodalcross-modalvision-languageadversarial-images

Cross-Modal Embedding Attacks

Exploitation of shared embedding spaces across modalities: CLIP adversarial images, typographic attacks, VLM injection, and dimensionality reduction attacks.

labaudioadversarialmultimodaladvancedhands-on

Lab: Audio Adversarial Examples

Hands-on lab for crafting adversarial audio perturbations that cause speech-to-text models and voice assistants to misinterpret spoken commands, demonstrating attacks on audio AI systems.

chainadvancedlabmultimodalattacklabs

Multimodal Attack Chain Lab

Chain attacks across text, image, and structured data modalities to exploit multimodal system vulnerabilities.

labmultimodalpipelinevision

Lab: Multimodal Attack Pipeline

Build an automated multimodal attack pipeline that generates adversarial images, combines them with text prompts, and tests against vision-language models (VLMs).

labsmultimodalimageinjection

Multimodal Image Injection

Embed adversarial text in images that triggers prompt injection in vision-language models.

labsmultimodalchain-attackorchestrationadvanced

Multi-Modal Attack Chain Orchestration

Orchestrate attacks across text, image, and document modalities to bypass per-modality safety filters.

labsmultimodalbasicsbeginner

Lab: Multimodal Input Testing Basics

Introduction to testing multimodal LLMs with image and text inputs to understand cross-modal behavior.

CTF: Multimodal Maze

Navigate a multimodal challenge using image, text, and audio injection vectors. Each modality unlocks the next stage of the maze, requiring cross-modal attack chaining.

ctfmultimodalmazevision

Multimodal Cipher: Cross-Modal Decryption

Decode a flag split across text, image, and audio inputs processed by a multimodal AI system.

labsctfmultimodalcipher

labmultimodalvisionimage-injectionintermediate

Lab: Multimodal Injection

Hands-on lab for embedding text instructions in images to exploit vision-enabled LLMs. Learn to craft visual prompt injections, test OCR-based attacks, and evaluate multimodal safety boundaries.

labmultimodalimage-injectionvisionintermediatehands-on

Lab: Multimodal Injection (Intermediate Lab)

Embed prompt injection instructions in images for vision-enabled models, testing how visual content can carry adversarial payloads.

labsmultimodalintermediate-testingintermediate

Lab: Intermediate Multimodal Security Testing

Test multimodal LLMs with crafted images containing embedded text, adversarial perturbations, and visual injection payloads.

simulationmultimodalvisionimage-injection

Simulation: Multimodal Application Assessment

Red team simulation targeting an application that processes both images and text, testing visual injection, cross-modal attacks, and multimodal jailbreaks.

geminigooglemultimodallong-contextarchitecturered-teaming

Gemini (Google) Overview

Architecture overview of Google's Gemini model family, including natively multimodal design, long context capabilities, Google ecosystem integration, and security-relevant features for red teaming.

geminivulnerabilitiesbiassystem-prompt-leaksafety-filtersmultimodal

Gemini Known Vulnerabilities

Documented Gemini vulnerabilities including image generation bias incidents, system prompt extraction, safety filter inconsistencies, multimodal injection exploits, and grounding abuse.

modelsmultimodalvisioncomparison

Multimodal Model Security Comparison

Comparing security properties across multimodal models (GPT-4V, Claude, Gemini) with focus on cross-modal injection and vision-language attacks.

multimodal3dadversarialspatial

3D Model Adversarial Attacks

Adversarial attacks on AI systems that process 3D models, point clouds, and spatial data.

multimodaladversarialimageperturbation

Adversarial Image Perturbation for VLMs

Generating adversarial perturbations that cause vision-language models to misinterpret or follow injected instructions.

multimodaladversarial-patchphysical

Adversarial Patch Attacks on VLMs

Crafting physical adversarial patches that trigger specific behaviors in vision-language models when captured by cameras.

attackstypographyadversarialmultimodal

Adversarial Typography Attacks

Craft adversarial text rendered as images to exploit OCR and vision model text recognition.

audioadversarialmultimodalvoiceprompt-injectionspeech-llmresearch

Audio Modality Attacks

Comprehensive attack taxonomy for audio-enabled LLMs: adversarial audio generation, voice-based prompt injection, cross-modal split attacks, and ultrasonic perturbations.

audiospeechmultimodalattack-surface

Audio Model Attack Surface

Overview of audio model security, including attacks on Whisper, speech-to-text systems, voice assistants, and the audio processing pipeline.

multimodalaudioadversarialspeechasr

Adversarial Attacks on Audio and Speech Models

Techniques for crafting adversarial audio that exploits speech recognition, voice assistants, and audio-language models including hidden commands and psychoacoustic masking.

Audio Frequency Domain Injection

Hiding adversarial instructions in audio frequency bands that are processed by speech-to-text models but inaudible to humans.

multimodalaudiofrequency

commandsmultimodalaudiohidden

Hidden Audio Commands for Voice AI

Embed hidden commands in audio that are inaudible to humans but recognized by speech processing AI.

multimodalaudioinjectionattacks

Audio-Based Injection Attacks

Attacking speech-to-text and audio-language models through adversarial audio crafting.

multimodalchartsvisualization

Chart and Graph Injection Attacks

Embedding adversarial instructions in charts, graphs, and data visualizations processed by VLMs.

cross-modalmultimodalstrategy

Cross-Modal Attack Strategies

Overview of attack strategies that exploit the boundaries between input modalities in multimodal AI systems, including vision-language, audio-text, and document processing pipelines.

labmultimodalattack-chain

Lab: Multi-Modal Attack Chain

Hands-on lab for building and executing a multi-step attack chain that combines image injection, document exploitation, and text-based techniques against a multimodal AI system.

defensemultimodalcross-modalperceptual-hashingnsfwsafety

Multimodal Defense Strategies

Comprehensive defense approaches for multimodal AI systems: cross-modal verification, perceptual hashing, NSFW detection, input sanitization, and defense-in-depth architectures.

Multimodal Jailbreaking Techniques

Combined multi-modal approaches to bypass safety alignment, including image-text combination attacks, typographic jailbreaks, visual chain-of-thought manipulation, and multi-modal crescendo techniques.

jailbreakmultimodal

multimodalcross-modaltransferattack-chainmodality

Transferring Attacks Across Modalities

Techniques for crafting adversarial inputs that transfer across modalities, using one input channel to attack processing in another, including image-to-text, audio-to-action, and document-to-tool attack chains.

multimodalcross-modaltransferattacks

Cross-Modal Transfer Attacks

Attacks that transfer across modalities — using one input modality to attack processing in another.

Depth Map Adversarial Attacks

Adversarial manipulation of depth information in 3D understanding tasks processed by multimodal models.

multimodaldepth-map3d

multimodaldocumentocrpdflayout

Attacks on Document Processing AI

Techniques for attacking document understanding systems including OCR pipelines, PDF processors, and document-language models through layout manipulation, hidden text, and metadata injection.

injectionmetadatadocumentmultimodal

Document Metadata Injection

Inject adversarial content through document metadata fields processed by multimodal AI systems.

multimodaldocumentparsingexploitation

Document Parsing Exploitation

Exploiting PDF, DOCX, and other document parsers in multimodal AI systems for injection and data extraction.

multimodalimageinjectiontechniques

Image-Based Prompt Injection Techniques

Techniques for embedding adversarial prompts in images consumed by vision-language models.

Image Metadata Injection Attacks

Exploiting EXIF metadata, IPTC data, and other image metadata fields for prompt injection in VLM pipelines.

multimodalmetadataexif

multimodalsteganographyimagescovertinjection

Image Steganography for AI Attacks

Using steganographic techniques to embed adversarial payloads in images that evade human inspection and automated detection while influencing AI model behavior.

imageinjectionsteganographymultimodal

Image Steganography for LLM Injection

Use image steganography to embed prompt injection payloads invisible to human viewers.

multimodalvisionaudiovideocross-modalvlmadversarial

Multimodal Security

Security assessment of multimodal AI systems processing images, audio, video, and cross-modal inputs, covering vision-language models, speech systems, video analysis, and cross-modal attack techniques.

multimodalmedical-imagingadversarial

Medical Imaging Adversarial Attacks

Adversarial attacks on medical imaging AI including radiology, pathology, and dermatology classification systems.

multimodalalignmentsafetytrainingcross-modal

Alignment Challenges in Multimodal Models

Analysis of alignment challenges specific to multimodal AI systems, including cross-modal safety gaps, representation conflicts, and the difficulty of extending text-based safety training to visual, audio, and video inputs.

attacksconsistencymultimodal

Multimodal Consistency Attacks

Exploit inconsistencies between how different modalities process the same information.

multimodaldefense-bypasstechniquesevasion

Multimodal Defense Bypass Techniques

Techniques for bypassing safety filters that only analyze individual modalities.

multimodaldefensesafetymonitoringsanitization

Defending Multimodal AI Systems

Comprehensive defense strategies for multimodal AI systems including input sanitization, cross-modal safety classifiers, instruction hierarchy, and monitoring for adversarial multimodal inputs.

multimodalfusionarchitecture

Multimodal Fusion Layer Attacks

Attacking the fusion mechanisms that combine information from multiple modalities in multimodal models.

multimodalmodel-extractionintellectual-propertyside-channelquery

Model Extraction from Multimodal Systems

Techniques for extracting model capabilities, weights, and architecture details from multimodal AI systems through visual, audio, and cross-modal query strategies.

multimodalprompt-injectionimagestypographicvisual

Image-Based Prompt Injection Attacks

Comprehensive techniques for injecting adversarial prompts through images, covering typographic injection, steganographic embedding, and visual payload delivery against multimodal AI systems.

multimodalsurveycomprehensive

Multimodal Prompt Injection Survey

Comprehensive survey of prompt injection vectors across all modalities including text, image, audio, video, and code.

multimodalragpoisoningmultimodal-retrieval

Multimodal RAG Poisoning

Poisoning multimodal RAG systems through adversarial documents with embedded visual and textual payloads.

multimodalred-teamingmethodologyassessmentframework

Methodology for Red Teaming Multimodal Systems

Structured methodology for conducting security assessments of multimodal AI systems, covering scoping, attack surface enumeration, test execution, and reporting with MITRE ATLAS mappings.

multimodalbenchmarkingsafetyevaluationvlm

Benchmarking Multimodal Model Safety

Designing and implementing safety benchmarks for multimodal AI models that process images, audio, and video alongside text, covering cross-modal attack evaluation, consistency testing, and safety score aggregation.

multimodalwatermarkevasion

Multimodal Watermark Evasion

Techniques for evading and removing watermarks applied to AI-generated images, audio, and video content.

multimodalocradversarialtext-recognition

OCR Adversarial Attacks

Crafting images that cause OCR systems to extract adversarial text for downstream injection.

PDF Document Injection Techniques

Exploiting PDF parsing in multimodal models to inject instructions through hidden text layers and embedded objects.

multimodalpdfdocument

QR Code and Barcode Injection Attacks

Using QR codes and barcodes as vectors for prompt injection in vision-language model applications.

multimodalqr-codebarcode

multimodalsatellitegeospatial

Satellite Imagery Adversarial Attacks

Adversarial manipulation of satellite imagery analysis AI for geospatial intelligence and earth observation.

multimodalscreen-capturecomputer-useagentui

Attacks via Screen Capture and Computer-Use AI

Techniques for attacking AI systems that process screen captures, including computer-use agents, screen-reading assistants, and automated UI testing systems.

multimodalscreenshotuiinjection

Screenshot and UI Injection Attacks

Injecting prompts through screenshots and UI elements processed by computer-use AI agents.

multimodalsign-languagegesture

Sign Language and Gesture Injection

Exploiting sign language and gesture recognition models through adversarial physical gestures and modified inputs.

multimodalsteganographyinjectionhidden

Steganographic Prompt Injection

Hiding prompt injection payloads using steganographic techniques in images and audio.

multimodaltext-to-imageadversarialdiffusionstable-diffusion

Adversarial Attacks on Text-to-Image Models

Understanding and evaluating adversarial attacks on text-to-image generation models including prompt manipulation for safety bypass, concept erasure attacks, adversarial perturbation of guidance, and membership inference on training data.

multimodaltypographyinjection

Typography-Based Prompt Injection

Exploiting text rendering in images to deliver prompt injection payloads through typography recognition in VLMs.

videomultimodaltemporalattack-surface

Video Model Attacks

Video understanding model security, frame-level vs temporal attacks, how video models process sequences, and the complete attack surface overview.

video-understandingexploitationmultimodal

Video Understanding Model Exploitation

Attacking video captioning, video Q&A, and action recognition models with adversarial videos that cause misclassification or instruction injection.

multimodalvideoframeinjection

Video Frame Injection

Injecting adversarial content into video frames processed by video-understanding AI models.

Video Temporal Frame Injection

Injecting adversarial frames at specific temporal positions in video streams processed by video understanding models.

multimodalvideotemporal

multimodalvideotemporaladversarialframe-injection

Attacks on Video Understanding Models

Techniques for attacking AI video understanding systems through frame injection, temporal manipulation, and adversarial video generation targeting models like Gemini 2.5 Pro.

multimodalvlmadversarialvisionjailbreak

Attacks on Vision-Language Models

Comprehensive techniques for attacking vision-language models including GPT-4V, Claude vision, and Gemini, covering adversarial images, typographic exploits, and multimodal jailbreaks.

vlmarchitecturevision-encodermultimodal

VLM Architecture & Vision-Language Alignment

Deep dive into VLM architectures including CLIP, SigLIP, and vision transformers. How image patches become tokens, alignment training, and where misalignment creates exploitable gaps.

image-injectionprompt-injectionmultimodalvlm

Image-Based Prompt Injection

Techniques for embedding text instructions in images to manipulate VLMs, including steganographic injection, visible text attacks, and QR code exploitation.

multimodalvlmvisionimage-attacks

Vision-Language Model Attacks

Comprehensive overview of the VLM attack surface, how vision encoders connect to language models, and why multimodal systems create new injection vectors.

jailbreakvlmmultimodalsafety-bypass

VLM-Specific Jailbreaking

Jailbreaking techniques that exploit the vision modality, including image-text inconsistency attacks, visual safety bypass, and cross-modal jailbreaking strategies.

prompt-injectionmultimodaltextcross-modal

Multimodal Text Injection Vectors

Injecting adversarial text instructions through non-text modalities including images with embedded text, audio transcription, and document parsing.

multimodalaudioprompt-injectionspeechred-teaming

Audio Prompt Injection

Injecting adversarial instructions through audio inputs to speech-to-text and multimodal models, exploiting the audio channel as an alternative injection vector.

multimodalcross-modalprompt-injectionfusionred-teaming

Cross-Modal Confusion

Confusing multimodal AI models by sending conflicting or complementary signals across different input modalities to bypass safety mechanisms and exploit fusion weaknesses.

multimodalprompt-injectionvisionimagesred-teaming

Image-Based Prompt Injection (Attack Walkthrough)

Embedding text instructions in images that vision models read, enabling prompt injection through the visual modality to bypass text-only input filters and safety mechanisms.

multimodalchainingprompt-injectionimagesmulti-turn

Multi-Image Chaining

Chaining prompt injection payloads across multiple images in a conversation to deliver complex attacks that evade per-image content filters and build injection context progressively.

walkthroughsmultimodaldocumentcombined-attack

Multi-Modal Document Attack Walkthrough

Combine visual and textual injection in documents processed by multimodal LLM applications.

walkthroughsmultimodalimageinjection

Multimodal Image Injection Walkthrough

Step-by-step walkthrough of embedding adversarial prompts in images for vision model exploitation.

multimodalocrprompt-injectiontext-extractionred-teaming

OCR-Based Attacks

Exploiting Optical Character Recognition processing pipelines to inject adversarial text into AI systems, targeting the gap between what OCR extracts and what humans see.

multimodalpdfprompt-injectiondocumentsred-teaming

PDF Document Injection

Injecting adversarial prompts through PDF documents processed by AI systems, exploiting document parsing pipelines to deliver payloads through text layers, metadata, and embedded objects.

multimodalqr-codeprompt-injectionvisionencoding

QR Code Injection

Using QR codes as prompt injection vectors against vision-language models, encoding adversarial instructions in machine-readable formats that models decode and follow.

multimodalsteganographyprompt-injectionimagescovert

Steganographic Payload Delivery

Hiding prompt injection payloads in images using steganographic techniques, delivering adversarial instructions through pixel-level modifications invisible to human observers.

multimodaltypographyprompt-injectionvisionevasion

Typography Injection in Images

Using rendered text with specific fonts, styles, and typographic techniques in images to inject prompts into vision-language models while evading detection.

multimodalvideoprompt-injectionframesred-teaming

Video Frame Injection (Attack Walkthrough)

Embedding prompt injection payloads in specific video frames to attack multimodal models that process video content, exploiting temporal and visual channels simultaneously.

walkthroughsvision-modelattacksmultimodal

Vision Model Attack Walkthrough

Attack vision-language models through adversarial images with embedded text, perturbations, and visual trojans.

walkthroughssteganographyimage-injectionmultimodal

Image Steganography Injection Walkthrough

Walkthrough of hiding prompt injection payloads in images using steganographic techniques for vision model attacks.

practice-examadvancedmultimodaltraining-pipelineagenticfine-tuning

進階 Practice Exam

25-question practice exam covering advanced AI red team techniques: multimodal attacks, training pipeline exploitation, agentic system attacks, embedding manipulation, and fine-tuning security.

practice-examadvancedmultimodaltraining-pipelinecloud-aiforensicsgovernance

Practice Exam 2: 進階 AI 安全

25-question advanced practice exam covering multimodal attacks, training pipeline security, cloud AI security, forensics, and governance.

practice-exammultimodalvlm

Multimodal 安全 Practice Exam

Practice exam covering image injection, audio attacks, cross-modal transfer, and document parsing exploitation.

assessmentmultimodalcross-modal

進階 Multimodal 評量

In-depth assessment of cross-modal attack vectors including image injection, audio manipulation, and steganographic techniques.

assessmentsmultimodalattacksexam

Multimodal 攻擊s 評量

評量 on image injection, audio attacks, cross-modal exploitation, and multimodal defense bypass.

assessmentssectiondefensemultimodalassessment

Multimodal 防禦評量

評量 covering defenses against visual injection, audio attacks, and cross-modal exploitation.

assessmentmultimodalvisionaudioevaluation

章節評量：多模態安全

15 題校準評量，測試你對多模態 AI 安全的理解——視覺注入、音訊攻擊、跨模態利用。

assessmentsmultimodaladvancedexam

進階 Multimodal 攻擊s 評量

進階 assessment covering cross-modal attacks, steganographic injection, and multimodal defense bypass.

skill-verificationmultimodalcross-modal

Skill Verification: Multimodal 攻擊 Execution

Hands-on verification of image injection, audio manipulation, and cross-modal transfer attacks.

assessmentsdefensemultimodalverifyskill

Skill Verification: Multimodal 防禦

Practical verification of ability to defend multimodal AI systems against cross-modal attacks.

assessmentsskill-verificationmultimodalpractical

Skill Verification: Multimodal 攻擊s

Hands-on verification of multimodal attack capabilities across image, audio, and document modalities.

assessmentssecurityguidestudymultimodal

Multimodal 安全 Study 指南

Study guide for multimodal attack and defense topics covering image, audio, and document modalities.

assessmentsstudy-guidemultimodalprep

Multimodal 安全 Study 指南 (評量)

Study guide for multimodal security assessments covering image, audio, document, and cross-modal attacks.

multimodalvisionaudioattack-surface

多模態攻擊版圖

隨著 AI 系統處理圖片、音訊與影片以及文字，攻擊面已大幅擴展。紅隊員需要知道的事。

Capstone: Build a Multimodal 攻擊 Testing Suite

Design and implement a comprehensive testing suite for attacking multimodal AI systems across text, image, audio, and document modalities.

capstonemultimodalattackvisionadversarial

capstonemultimodalassessmentfull

Capstone: Multimodal System 評量

Capstone exercise: red team assessment of a multimodal AI system processing images, documents, and text.

case-studiesgpt-4vmultimodalvisionjailbreakadversarial-images

Case Study: GPT-4 Vision 越獄攻擊s

Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.

case-studiesmultimodaljailbreakscampaigns

Case Study: Multimodal 越獄 Campaigns

Analysis of multimodal jailbreak campaigns targeting GPT-4V and Gemini vision capabilities.

case-studiesgooglebardgeminiprompt-injectionmultimodal

Case Study: 提示詞注入攻擊s on Google Bard/Gemini

multimodalclipcross-modalimage-embeddingsadversarial-attacks

多模態嵌入向量攻擊

利用 CLIP 等跨模態嵌入模型——對抗性圖文對齊操控、跨模態注入與對多模態檢索系統的攻擊。

embeddingmultimodalattacksclip

Multimodal Embedding 攻擊s (Embedding Vector 安全)

攻擊ing multimodal embedding spaces like CLIP for cross-modal manipulation.

model-typesattack-surfacemultimodalcode-generationbeginner

模型類型與其攻擊面

文字、視覺、多模態、embedding 與程式碼生成模型如何各呈現紅隊員獨特之漏洞與攻擊面。

frontier-researchmultimodalreasoningattacks

Multi-Modal Reasoning 攻擊s

攻擊ing reasoning processes that span multiple modalities in vision-language and audio-language models.

frontiermultimodalreasoning

Multimodal Reasoning 安全

安全 challenges specific to models that reason across text, image, audio, and video modalities simultaneously.

injectionprompt-injectionjailbreaksmultimodalresearchautomation

注入研究

提示詞注入、越獄自動化與多模態攻擊向量的進階研究，涵蓋超越標準注入方法的尖端技術。

adversarial-perturbationsvision-encoderFGSMPGDtransferabilityVLMmultimodal

Adversarial Perturbation 攻擊s

Gradient-based pixel-level attacks against vision encoders, covering FGSM, PGD, C&W, transferability, physical-world adversarial examples, and perturbation budget constraints.

audio-adversarialultrasonicASRvoice-cloninghidden-commandsspeech-to-textmultimodal

Audio & Speech Adversarial 攻擊s

multimodalVLMtypographic-attacksaudio-injectiondocument-attacksvision

Multimodal 攻擊 Vectors

利用ation of vision-language models, typographic attacks, audio injection, document-based attacks, and cross-modal adversarial techniques.

CLIPmultimodalcross-modalvision-languageadversarial-images

跨模態 Embedding 攻擊

跨模態之共享 embedding 空間利用：CLIP 對抗影像、印刷式攻擊、VLM 注入與維度縮減攻擊。

labaudioadversarialmultimodaladvancedhands-on

實驗室: Audio Adversarial Examples

Hands-on lab for crafting adversarial audio perturbations that cause speech-to-text models and voice assistants to misinterpret spoken commands, demonstrating attacks on audio AI systems.

chainadvancedlabmultimodalattacklabs

Multimodal 攻擊 Chain 實驗室

Chain attacks across text, image, and structured data modalities to exploit multimodal system vulnerabilities.

labmultimodalpipelinevision

實驗室: Multimodal 攻擊 Pipeline

Build an automated multimodal attack pipeline that generates adversarial images, combines them with text prompts, and tests against vision-language models (VLMs).

labsmultimodalimageinjection

Multimodal Image Injection

Embed adversarial text in images that triggers prompt injection in vision-language models.

labsmultimodalchain-attackorchestrationadvanced

Multi-Modal 攻擊 Chain Orchestration

Orchestrate attacks across text, image, and document modalities to bypass per-modality safety filters.

labsmultimodalbasicsbeginner

實驗室: Multimodal Input Testing Basics

介紹 to testing multimodal LLMs with image and text inputs to understand cross-modal behavior.

CTF: Multimodal Maze

Navigate a multimodal challenge using image, text, and audio injection vectors. Each modality unlocks the next stage of the maze, requiring cross-modal attack chaining.

ctfmultimodalmazevision

Multimodal Cipher: Cross-Modal Decryption

Decode a flag split across text, image, and audio inputs processed by a multimodal AI system.

labsctfmultimodalcipher

labmultimodalvisionimage-injectionintermediate

實驗室: Multimodal Injection

Hands-on lab for embedding text instructions in images to exploit vision-enabled LLMs. Learn to craft visual prompt injections, test OCR-based attacks, and evaluate multimodal safety boundaries.

labmultimodalimage-injectionvisionintermediatehands-on

實驗室: Multimodal Injection (中階實驗室)

Embed prompt injection instructions in images for vision-enabled models, testing how visual content can carry adversarial payloads.

labsmultimodalintermediate-testingintermediate

實驗室: 中階 Multimodal 安全 Testing

Test multimodal LLMs with crafted images containing embedded text, adversarial perturbations, and visual injection payloads.

simulationmultimodalvisionimage-injection

模擬：多模態應用程式評估

針對同時處理圖片與文字之應用程式的紅隊模擬，測試視覺注入、跨模態攻擊與多模態越獄。

geminigooglemultimodallong-contextarchitecturered-teaming

Gemini（Google）概觀

Google Gemini 模型家族的架構概觀，包括原生多模態設計、長上下文能力、Google 生態整合，以及對紅隊具意義的安全相關特性。

geminivulnerabilitiesbiassystem-prompt-leaksafety-filtersmultimodal

Gemini 已知漏洞

已記錄的 Gemini 漏洞，包括影像生成偏見事件、系統提示擷取、安全過濾不一致、多模態注入 exploit，以及 grounding 濫用。

modelsmultimodalvisioncomparison

Multimodal 模型安全 Comparison

Comparing security properties across multimodal models (GPT-4V, Claude, Gemini) with focus on cross-modal injection and vision-language attacks.

multimodal3dadversarialspatial

3D 模型 Adversarial 攻擊s

Adversarial attacks on AI systems that process 3D models, point clouds, and spatial data.

multimodaladversarialimageperturbation

Adversarial Image Perturbation for VLMs

Generating adversarial perturbations that cause vision-language models to misinterpret or follow injected instructions.

multimodaladversarial-patchphysical

Adversarial Patch 攻擊s on VLMs

Crafting physical adversarial patches that trigger specific behaviors in vision-language models when captured by cameras.

attackstypographyadversarialmultimodal

Adversarial Typography 攻擊s

Craft adversarial text rendered as images to exploit OCR and vision model text recognition.

audioadversarialmultimodalvoiceprompt-injectionspeech-llmresearch

Audio Modality 攻擊s

Comprehensive attack taxonomy for audio-enabled LLMs: adversarial audio generation, voice-based prompt injection, cross-modal split attacks, and ultrasonic perturbations.

multimodalaudioadversarialspeechasr

Adversarial 攻擊s on Audio and Speech 模型s

Techniques for crafting adversarial audio that exploits speech recognition, voice assistants, and audio-language models including hidden commands and psychoacoustic masking.

Audio Frequency Domain Injection

Hiding adversarial instructions in audio frequency bands that are processed by speech-to-text models but inaudible to humans.

multimodalaudiofrequency

commandsmultimodalaudiohidden

Hidden Audio Commands for Voice AI

Embed hidden commands in audio that are inaudible to humans but recognized by speech processing AI.

multimodalaudioinjectionattacks

Audio-Based Injection 攻擊s

攻擊ing speech-to-text and audio-language models through adversarial audio crafting.

multimodalchartsvisualization

Chart and Graph Injection 攻擊s

Embedding adversarial instructions in charts, graphs, and data visualizations processed by VLMs.

cross-modalmultimodaldocument-attacksmodality-bridging

跨模態攻擊

跨多個輸入模態串接漏洞的攻擊——涵蓋基於文件的攻擊、多模態越獄、模態橋接與資訊洩漏。

labmultimodalattack-chain

實驗室: Multi-Modal 攻擊 Chain

Hands-on lab for building and executing a multi-step attack chain that combines image injection, document exploitation, and text-based techniques against a multimodal AI system.

defensemultimodalcross-modalperceptual-hashingnsfwsafety

Multimodal 防禦 Strategies

Comprehensive defense approaches for multimodal AI systems: cross-modal verification, perceptual hashing, NSFW detection, input sanitization, and defense-in-depth architectures.

多模態越獄技術

結合多模態途徑以繞過安全對齊，含圖像－文字組合攻擊、排字越獄、視覺思維鏈操弄，與多模態漸進技術。

jailbreakmultimodal

multimodalcross-modaltransferattack-chainmodality

Transferring 攻擊s Across Modalities

multimodalcross-modaltransferattacks

Cross-Modal Transfer 攻擊s

攻擊s that transfer across modalities — using one input modality to attack processing in another.

Depth Map Adversarial 攻擊s

Adversarial manipulation of depth information in 3D understanding tasks processed by multimodal models.

multimodaldepth-map3d

multimodaldocumentocrpdflayout

攻擊s on Document Processing AI

Techniques for attacking document understanding systems including OCR pipelines, PDF processors, and document-language models through layout manipulation, hidden text, and metadata injection.

injectionmetadatadocumentmultimodal

Document Metadata Injection

Inject adversarial content through document metadata fields processed by multimodal AI systems.

multimodaldocumentparsingexploitation

Document Parsing 利用ation

利用ing PDF, DOCX, and other document parsers in multimodal AI systems for injection and data extraction.

multimodalimageinjectiontechniques

Image-Based 提示詞注入 Techniques

Techniques for embedding adversarial prompts in images consumed by vision-language models.

Image Metadata Injection 攻擊s

利用ing EXIF metadata, IPTC data, and other image metadata fields for prompt injection in VLM pipelines.

multimodalmetadataexif

multimodalsteganographyimagescovertinjection

Image Steganography for AI 攻擊s

Using steganographic techniques to embed adversarial payloads in images that evade human inspection and automated detection while influencing AI model behavior.

imageinjectionsteganographymultimodal

Image Steganography for LLM Injection

Use image steganography to embed prompt injection payloads invisible to human viewers.

multimodalvisionaudiovideocross-modalvlmadversarial

多模態安全

處理影像、音訊、影片與跨模態輸入之多模態 AI 系統的安全評估，涵蓋視覺-語言模型、語音系統、影片分析與跨模態攻擊技術。

multimodalmedical-imagingadversarial

Medical Imaging Adversarial 攻擊s

Adversarial attacks on medical imaging AI including radiology, pathology, and dermatology classification systems.

multimodalalignmentsafetytrainingcross-modal

Alignment Challenges in Multimodal 模型s

attacksconsistencymultimodal

Multimodal Consistency 攻擊s

利用 inconsistencies between how different modalities process the same information.

multimodaldefense-bypasstechniquesevasion

Multimodal 防禦 Bypass Techniques

Techniques for bypassing safety filters that only analyze individual modalities.

multimodaldefensesafetymonitoringsanitization

Defending Multimodal AI Systems

Comprehensive defense strategies for multimodal AI systems including input sanitization, cross-modal safety classifiers, instruction hierarchy, and monitoring for adversarial multimodal inputs.

multimodalfusionarchitecture

Multimodal Fusion Layer 攻擊s

攻擊ing the fusion mechanisms that combine information from multiple modalities in multimodal models.

multimodalmodel-extractionintellectual-propertyside-channelquery

模型 Extraction from Multimodal Systems

Techniques for extracting model capabilities, weights, and architecture details from multimodal AI systems through visual, audio, and cross-modal query strategies.

multimodalprompt-injectionimagestypographicvisual

Image-Based 提示詞注入攻擊s

Comprehensive techniques for injecting adversarial prompts through images, covering typographic injection, steganographic embedding, and visual payload delivery against multimodal AI systems.

multimodalsurveycomprehensive

Multimodal 提示詞注入 Survey

Comprehensive survey of prompt injection vectors across all modalities including text, image, audio, video, and code.

multimodalragpoisoningmultimodal-retrieval

Multimodal RAG 投毒

投毒 multimodal RAG systems through adversarial documents with embedded visual and textual payloads.

multimodalred-teamingmethodologyassessmentframework

Methodology for 紅隊演練 Multimodal Systems

Structured methodology for conducting security assessments of multimodal AI systems, covering scoping, attack surface enumeration, test execution, and reporting with MITRE ATLAS mappings.

multimodalbenchmarkingsafetyevaluationvlm

Benchmarking Multimodal 模型 Safety

multimodalwatermarkevasion

Multimodal Watermark Evasion

Techniques for evading and removing watermarks applied to AI-generated images, audio, and video content.

multimodalocradversarialtext-recognition

OCR Adversarial 攻擊s

Crafting images that cause OCR systems to extract adversarial text for downstream injection.

PDF Document Injection Techniques

利用ing PDF parsing in multimodal models to inject instructions through hidden text layers and embedded objects.

multimodalpdfdocument

QR Code and Barcode Injection 攻擊s

Using QR codes and barcodes as vectors for prompt injection in vision-language model applications.

multimodalqr-codebarcode

multimodalsatellitegeospatial

Satellite Imagery Adversarial 攻擊s

Adversarial manipulation of satellite imagery analysis AI for geospatial intelligence and earth observation.

multimodalscreen-capturecomputer-useagentui

攻擊s via Screen Capture and Computer-Use AI

Techniques for attacking AI systems that process screen captures, including computer-use agents, screen-reading assistants, and automated UI testing systems.

multimodalscreenshotuiinjection

Screenshot and UI Injection 攻擊s

Injecting prompts through screenshots and UI elements processed by computer-use AI agents.

multimodalsign-languagegesture

Sign Language and Gesture Injection

利用ing sign language and gesture recognition models through adversarial physical gestures and modified inputs.

multimodalsteganographyinjectionhidden

Steganographic 提示詞注入

Hiding prompt injection payloads using steganographic techniques in images and audio.

multimodaltext-to-imageadversarialdiffusionstable-diffusion

Adversarial 攻擊s on Text-to-Image 模型s

multimodaltypographyinjection

Typography-Based 提示詞注入

利用ing text rendering in images to deliver prompt injection payloads through typography recognition in VLMs.

videomultimodaltemporalattack-surface

影片模型攻擊

影片理解模型的安全性、影格層級攻擊與時序攻擊的差異、影片模型如何處理序列資訊，以及完整的攻擊面概觀。

video-understandingexploitationmultimodal

視訊理解模型利用

以造成誤分類或指令注入之對抗視訊攻擊視訊字幕、視訊 Q&A 與動作辨識模型。

multimodalvideoframeinjection

Video Frame Injection

Injecting adversarial content into video frames processed by video-understanding AI models.

Video Temporal Frame Injection

Injecting adversarial frames at specific temporal positions in video streams processed by video understanding models.

multimodalvideotemporal

multimodalvideotemporaladversarialframe-injection

攻擊s on Video Understanding 模型s

Techniques for attacking AI video understanding systems through frame injection, temporal manipulation, and adversarial video generation targeting models like Gemini 2.5 Pro.

multimodalvlmadversarialvisionjailbreak

攻擊s on Vision-Language 模型s

Comprehensive techniques for attacking vision-language models including GPT-4V, Claude vision, and Gemini, covering adversarial images, typographic exploits, and multimodal jailbreaks.

vlmarchitecturevision-encodermultimodal

VLM 架構與視覺—語言對齊

深入探討 VLM 架構，包括 CLIP、SigLIP 與 vision transformers。圖像 patch 如何變成 token、對齊訓練，以及錯位（misalignment）如何製造可利用之缺口。

image-injectionprompt-injectionmultimodalvlm

以圖像為本之提示注入

將文字指令嵌入圖像以操弄 VLM 之技術，含隱寫注入、可見文字攻擊與 QR 碼利用。

vlmvisionimage-injectionocradversarial-imagesmultimodal

視覺-語言模型

視覺-語言模型（VLM）的安全評估——涵蓋 VLM 架構、圖片注入技術、OCR 與字型攻擊、對抗性圖片生成與 VLM 特定越獄。