{"id":"https://openalex.org/W7147684987","doi":"https://doi.org/10.48550/arxiv.2603.29418","title":"Adversarial Prompt Injection Attack on Multimodal Large Language Models","display_name":"Adversarial Prompt Injection Attack on Multimodal Large Language Models","publication_year":2026,"publication_date":"2026-03-31","ids":{"openalex":"https://openalex.org/W7147684987","doi":"https://doi.org/10.48550/arxiv.2603.29418"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.29418","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29418","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.29418","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123643738","display_name":"Meiwen Ding","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ding, Meiwen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132727395","display_name":"Song Xia","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xia, Song","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058765046","display_name":"Chenqi Kong","orcid":"https://orcid.org/0000-0002-3958-6489"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kong, Chenqi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132566999","display_name":"Xudong Jiang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiang, Xudong","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5123643738"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.42170000076293945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.42170000076293945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.29159998893737793,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.04749999940395355,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.6251000165939331},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.607200026512146},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.4765999913215637},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4702000021934509},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.4244999885559082},{"id":"https://openalex.org/keywords/closed-captioning","display_name":"Closed captioning","score":0.41620001196861267},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.39430001378059387},{"id":"https://openalex.org/keywords/visual-reasoning","display_name":"Visual reasoning","score":0.38760000467300415}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7922000288963318},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.6251000165939331},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6193000078201294},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.607200026512146},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.4765999913215637},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4702000021934509},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.4480000138282776},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.4244999885559082},{"id":"https://openalex.org/C157657479","wikidata":"https://www.wikidata.org/wiki/Q2367247","display_name":"Closed captioning","level":3,"score":0.41620001196861267},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.39430001378059387},{"id":"https://openalex.org/C2777508537","wikidata":"https://www.wikidata.org/wiki/Q7936620","display_name":"Visual reasoning","level":2,"score":0.38760000467300415},{"id":"https://openalex.org/C136085584","wikidata":"https://www.wikidata.org/wiki/Q910289","display_name":"Overlay","level":2,"score":0.38659998774528503},{"id":"https://openalex.org/C2780878386","wikidata":"https://www.wikidata.org/wiki/Q1659648","display_name":"Visual language","level":2,"score":0.3847000002861023},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3628000020980835},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.33640000224113464},{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.33399999141693115},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.33009999990463257},{"id":"https://openalex.org/C160086991","wikidata":"https://www.wikidata.org/wiki/Q5939193","display_name":"Human visual system model","level":3,"score":0.30720001459121704},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.30219998955726624},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.2903999984264374},{"id":"https://openalex.org/C2983448237","wikidata":"https://www.wikidata.org/wiki/Q1078276","display_name":"Language understanding","level":2,"score":0.2815999984741211},{"id":"https://openalex.org/C178253425","wikidata":"https://www.wikidata.org/wiki/Q162668","display_name":"Visual perception","level":3,"score":0.27129998803138733},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2644999921321869},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2581000030040741},{"id":"https://openalex.org/C2986089797","wikidata":"https://www.wikidata.org/wiki/Q6501338","display_name":"Visual attention","level":3,"score":0.25290000438690186}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.29418","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29418","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.29418","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29418","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Although":[0],"multimodal":[1,144],"large":[2],"language":[3],"models":[4],"(MLLMs)":[5],"are":[6,36,57],"increasingly":[7],"deployed":[8],"in":[9,59],"real-world":[10],"applications,":[11],"their":[12],"instruction-following":[13],"behavior":[14],"leaves":[15],"them":[16],"vulnerable":[17],"to":[18,79,91,130,159],"prompt":[19,23,48,69],"injection":[20,24,49],"attacks.":[21],"Existing":[22],"methods":[25],"predominantly":[26],"rely":[27],"on":[28,142],"textual":[29,107],"prompts":[30,34],"or":[31],"perceptible":[32],"visual":[33,47,61,86,105,117],"that":[35],"observable":[37],"by":[38],"human":[39],"users.":[40],"In":[41],"this":[42],"work,":[43],"we":[44],"study":[45],"imperceptible":[46,85],"against":[50],"powerful":[51],"closed-source":[52,149],"MLLMs,":[53],"where":[54],"adversarial":[55],"instructions":[56],"embedded":[58],"the":[60,67,71,84,93,97,103,116,134,152],"modality.":[62],"Our":[63],"method":[64],"adaptively":[65],"embeds":[66],"malicious":[68,104],"into":[70],"input":[72],"image":[73,99,124],"via":[74],"a":[75,122],"bounded":[76],"text":[77],"overlay":[78],"provide":[80],"semantic":[81],"guidance.":[82],"Meanwhile,":[83],"perturbation":[87],"is":[88,119],"iteratively":[89],"optimized":[90],"align":[92],"feature":[94],"representation":[95],"of":[96,102,155],"attacked":[98],"with":[100],"those":[101],"and":[106,112,125,137],"targets":[108],"at":[109],"both":[110],"coarse-":[111],"fine-grained":[113],"levels.":[114],"Specifically,":[115],"target":[118],"instantiated":[120],"as":[121],"text-rendered":[123],"progressively":[126],"refined":[127],"during":[128],"optimization":[129],"more":[131],"faithfully":[132],"represent":[133],"desired":[135],"semantics":[136],"improve":[138],"transferability.":[139],"Extensive":[140],"experiments":[141],"two":[143],"understanding":[145],"tasks":[146],"across":[147],"multiple":[148],"MLLMs":[150],"demonstrate":[151],"superior":[153],"performance":[154],"our":[156],"approach":[157],"compared":[158],"existing":[160],"methods.":[161]},"counts_by_year":[],"updated_date":"2026-04-02T13:53:19.096889","created_date":"2026-04-02T00:00:00"}