{"id":"https://openalex.org/W4416773970","doi":"https://doi.org/10.48550/arxiv.2511.20494","title":"Adversarial Confusion Attack: Disrupting Multimodal Large Language Models","display_name":"Adversarial Confusion Attack: Disrupting Multimodal Large Language Models","publication_year":2025,"publication_date":"2025-11-25","ids":{"openalex":"https://openalex.org/W4416773970","doi":"https://doi.org/10.48550/arxiv.2511.20494"},"language":null,"primary_location":{"id":"pmh:oai:arXiv.org:2511.20494","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.20494","pdf_url":"https://arxiv.org/pdf/2511.20494","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2511.20494","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003640619","display_name":"Jakub Ho\u015bci\u0142owicz","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Hoscilowicz, Jakub","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5084366475","display_name":"Artur Janicki","orcid":"https://orcid.org/0000-0002-9937-4402"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Janicki, Artur","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5003640619"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9591000080108643,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9591000080108643,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.006500000134110451,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.005400000140070915,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9621999859809875},{"id":"https://openalex.org/keywords/confusion","display_name":"Confusion","score":0.7121000289916992},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.5408999919891357},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.5297999978065491},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5113999843597412},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.36090001463890076}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9621999859809875},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7121000289916992},{"id":"https://openalex.org/C2781140086","wikidata":"https://www.wikidata.org/wiki/Q557945","display_name":"Confusion","level":2,"score":0.7121000289916992},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.5408999919891357},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.5297999978065491},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5293999910354614},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5113999843597412},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.36090001463890076},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3257000148296356},{"id":"https://openalex.org/C9679016","wikidata":"https://www.wikidata.org/wiki/Q1417473","display_name":"Principle of maximum entropy","level":2,"score":0.31200000643730164},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2921000123023987},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27950000762939453},{"id":"https://openalex.org/C163339463","wikidata":"https://www.wikidata.org/wiki/Q484598","display_name":"CAPTCHA","level":2,"score":0.2556999921798706}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2511.20494","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.20494","pdf_url":"https://arxiv.org/pdf/2511.20494","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2511.20494","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2511.20494","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2511.20494","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.20494","pdf_url":"https://arxiv.org/pdf/2511.20494","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0],"introduce":[1],"the":[2,22,31,70,85,89,103],"Adversarial":[3,92],"Confusion":[4],"Attack,":[5],"a":[6,63,76,98],"new":[7],"class":[8],"of":[9,66],"threats":[10],"against":[11],"multimodal":[12],"large":[13],"language":[14],"models":[15,83],"(MLLMs).":[16],"Unlike":[17],"jailbreaks":[18],"or":[19,35],"targeted":[20],"misclassification,":[21],"goal":[23],"is":[24],"to":[25,48,109],"induce":[26],"systematic":[27],"disruption":[28],"that":[29,75,107],"makes":[30],"model":[32],"generate":[33],"incoherent":[34],"confidently":[36],"incorrect":[37],"outputs.":[38],"Practical":[39],"applications":[40],"include":[41],"embedding":[42],"such":[43],"adversarial":[44,78,100],"images":[45],"into":[46],"websites":[47],"prevent":[49],"MLLM-powered":[50],"AI":[51],"Agents":[52],"from":[53],"operating":[54],"reliably.":[55],"The":[56],"proposed":[57],"attack":[58,104],"maximizes":[59],"next-token":[60],"entropy":[61],"using":[62],"small":[64],"ensemble":[65],"open-source":[67,112],"MLLMs.":[68],"In":[69],"white-box":[71],"setting,":[72],"we":[73],"show":[74],"single":[77],"image":[79],"can":[80],"disrupt":[81],"all":[82],"in":[84,88],"ensemble,":[86],"both":[87,110],"full-image":[90],"and":[91,115],"CAPTCHA":[93],"settings.":[94],"Despite":[95],"relying":[96],"on":[97],"basic":[99],"technique":[101],"(PGD),":[102],"generates":[105],"perturbations":[106],"transfer":[108],"unseen":[111],"(e.g.,":[113,117],"Qwen3-VL)":[114],"proprietary":[116],"GPT-5.1)":[118],"models.":[119]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-28T00:00:00"}