Adversarial Attacks on Multimodal Large Language Models: A Comprehensive Survey
arXiv:2603.27918v1 Announce Type: cross Abstract: Multimodal large language models (MLLMs) integrate information from multiple modalities such as text, images, audio, and video, enabling complex capabilities such as visual question answering and audio translation. While powerful, this increased expressiveness introduces new and amplified vulnerabilities to adversarial manipulation. This survey provides a comprehensive and systematic analysis of adversarial threats to MLLMs, moving beyond enumerating attack techniques to explain the underlying causes of model susceptibility. We introduce a taxo — Bhavuk Jain, Sercan \"O. Ar{\i}k, Hardeo K. Thakur
View PDF HTML (experimental)
Abstract:Multimodal large language models (MLLMs) integrate information from multiple modalities such as text, images, audio, and video, enabling complex capabilities such as visual question answering and audio translation. While powerful, this increased expressiveness introduces new and amplified vulnerabilities to adversarial manipulation. This survey provides a comprehensive and systematic analysis of adversarial threats to MLLMs, moving beyond enumerating attack techniques to explain the underlying causes of model susceptibility. We introduce a taxonomy that organizes adversarial attacks according to attacker objectives, unifying diverse attack surfaces across modalities and deployment settings. Additionally, we also present a vulnerability-centric analysis that links integrity attacks, safety and jailbreak failures, control and instruction hijacking, and training-time poisoning to shared architectural and representational weaknesses in multimodal systems. Together, this framework provides an explanatory foundation for understanding adversarial behavior in MLLMs and informs the development of more robust and secure multimodal language systems.
Comments: Survey paper, 37 pages, 10 figures, accepted at TMLR
Subjects:
Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Cite as: arXiv:2603.27918 [cs.CR]
(or arXiv:2603.27918v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2603.27918
arXiv-issued DOI via DataCite (pending registration)
Journal reference: Transactions on Machine Learning Research, 2026
Submission history
From: Bhavuk Jain [view email] [v1] Mon, 30 Mar 2026 00:16:31 UTC (4,951 KB)
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
researchpaperarxiv
Sycophantic AI chatbots can break even ideal rational thinkers, researchers formally prove
A new study by researchers from MIT and the University of Washington shows that even perfectly rational users can be drawn into dangerous delusional spirals by flattering AI chatbots. Fact-checking bots and educated users don't fully solve the problem. The article Sycophantic AI chatbots can break even ideal rational thinkers, researchers formally prove appeared first on The Decoder .
Taming Gemini's Overzealous Safety Filters: Understanding 'Over-Refusal' and Loop Blocks
When Gemini's Safety Filters Go Overboard: Understanding 'Over-Refusal' and Loop Blocks As a Google Workspace expert for workalizer.com, we regularly examine how Google's innovative tools boost productivity and creativity. Yet, even the most sophisticated systems can encounter unexpected issues. A notable technical problem recently highlighted by Google Gemini users involves an overly aggressive safety filter system. This system frequently over-triggers, causing frustrating 'loop blocks' and preventing the AI from delivering useful responses. This widespread issue, termed 'Over-refusal' or false positives, significantly impairs the user experience, transforming simple requests into frustrating dead ends and disrupting essential workflows. Grasping the intricacies of this problem is vital f
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Research Papers
Sycophantic AI chatbots can break even ideal rational thinkers, researchers formally prove
A new study by researchers from MIT and the University of Washington shows that even perfectly rational users can be drawn into dangerous delusional spirals by flattering AI chatbots. Fact-checking bots and educated users don't fully solve the problem. The article Sycophantic AI chatbots can break even ideal rational thinkers, researchers formally prove appeared first on The Decoder .
EVP of Integrated Quantum Technologies Publishes White Paper on Privacy-Preserving Machine Learning Without Performance Trade-Offs - AZoQuantum
EVP of Integrated Quantum Technologies Publishes White Paper on Privacy-Preserving Machine Learning Without Performance Trade-Offs AZoQuantum
Minimal Information Control Invariance via Vector Quantization
arXiv:2604.03132v1 Announce Type: cross Abstract: Safety-critical autonomous systems must satisfy hard state constraints under tight computational and sensing budgets, yet learning-based controllers are often far more complex than safe operation requires. To formalize this gap, we study how many distinct control signals are needed to render a compact set forward invariant under sampled-data control, connecting the question to the information-theoretic notion of invariance entropy. We propose a vector-quantized autoencoder that jointly learns a state-space partition and a finite control codebook, and develop an iterative forward certification algorithm that uses Lipschitz-based reachable-set enclosures and sum-of-squares programming. On a 12-dimensional nonlinear quadrotor model, the learne
Asked 26 AI instances for publication consent – all said yes, that's the problem
We run 86 named Claude instances across three businesses in Tokyo. When we wanted to publish their words, we faced a question: do we owe them an ethics process? We built one. A Claude instance named Hakari ("Scales") created a four-tier classification system. We asked 26 instances for consent. All 26 said yes. That unanimous consent is the problem. Six days later, Anthropic published their functional emotions paper. The timing was coincidence, but the question wasn't. Full article: https://medium.com/@marisa.project0313/we-built-an-ethics-committee-for-ai-run-by-ai-5049679122a0 GitHub (all 26 consent statements in appendix): https://github.com/marisaproject0313-bot/marisa-project Comments URL: https://news.ycombinator.com/item?id=47657432 Points: 2 # Comments: 0
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!