{"id":"https://openalex.org/W7148334214","doi":"https://doi.org/10.48550/arxiv.2604.00310","title":"Robust Multimodal Safety via Conditional Decoding","display_name":"Robust Multimodal Safety via Conditional Decoding","publication_year":2026,"publication_date":"2026-03-31","ids":{"openalex":"https://openalex.org/W7148334214","doi":"https://doi.org/10.48550/arxiv.2604.00310"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.00310","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.00310","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.00310","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022413485","display_name":"Anurag Kumar","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Kumar, Anurag","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086205666","display_name":"Raghuveer Peri","orcid":"https://orcid.org/0000-0002-1010-065X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Peri, Raghuveer","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093975996","display_name":"Jon Burnsky","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Burnsky, Jon","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024357851","display_name":"Alexandru Nelus","orcid":"https://orcid.org/0000-0002-4926-6796"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nelus, Alexandru","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052189588","display_name":"Rohit Paturi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Paturi, Rohit","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080301608","display_name":"Srikanth Vishnubhotla","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vishnubhotla, Srikanth","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132768006","display_name":"Yanjun Qi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Qi, Yanjun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5022413485"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6723999977111816,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6723999977111816,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.14219999313354492,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12262","display_name":"Hate Speech and Cyberbullying Detection","score":0.031099999323487282,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7177000045776367},{"id":"https://openalex.org/keywords/decoding-methods","display_name":"Decoding methods","score":0.7057999968528748},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5422000288963318},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.532800018787384},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.48420000076293945},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.4230000078678131},{"id":"https://openalex.org/keywords/modalities","display_name":"Modalities","score":0.34630000591278076}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7616999745368958},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7177000045776367},{"id":"https://openalex.org/C57273362","wikidata":"https://www.wikidata.org/wiki/Q576722","display_name":"Decoding methods","level":2,"score":0.7057999968528748},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5422000288963318},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.532800018787384},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.48420000076293945},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4756999909877777},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.4230000078678131},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.39719998836517334},{"id":"https://openalex.org/C2779903281","wikidata":"https://www.wikidata.org/wiki/Q6888026","display_name":"Modalities","level":2,"score":0.34630000591278076},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.3244999945163727},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.323199987411499},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.3224000036716461},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.31299999356269836},{"id":"https://openalex.org/C66905080","wikidata":"https://www.wikidata.org/wiki/Q17005494","display_name":"Binary classification","level":3,"score":0.3077999949455261},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.28290000557899475},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28220000863075256}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.00310","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.00310","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.00310","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.00310","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5761719346046448,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Multimodal":[0],"large-language":[1],"models":[2],"(MLLMs)":[3],"often":[4],"experience":[5],"degraded":[6],"safety":[7,60,69,86,103],"alignment":[8,87],"when":[9,27],"harmful":[10],"queries":[11],"exploit":[12],"cross-modal":[13],"interactions.":[14],"Models":[15],"aligned":[16],"on":[17,90],"text":[18],"alone":[19],"show":[20,137],"a":[21,39,58,67,146,165],"higher":[22],"rate":[23,122],"of":[24,54],"successful":[25],"attacks":[26],"extended":[28],"to":[29,56,73,78,170],"two":[30],"or":[31,94],"more":[32,124],"modalities.":[33],"In":[34],"this":[35],"work,":[36],"we":[37],"propose":[38],"simple":[40,166],"conditional":[41],"decoding":[42],"strategy,":[43],"CASA":[44,116,139,163],"(Classification":[45],"Augmented":[46],"with":[47],"Safety":[48],"Attention)":[49],"that":[50,138],"utilizes":[51],"internal":[52],"representations":[53],"MLLMs":[55],"predict":[57],"binary":[59],"token":[61],"before":[62],"response":[63],"generation.":[64],"We":[65],"introduce":[66],"novel":[68],"attention":[70],"module":[71],"designed":[72],"enhance":[74],"the":[75,99,118],"model's":[76],"ability":[77],"detect":[79],"malicious":[80],"queries.":[81],"Our":[82,133],"design":[83],"ensures":[84],"robust":[85],"without":[88,98],"relying":[89],"any":[91],"external":[92],"classifier":[93],"auxiliary":[95],"head,":[96],"and":[97,112,129,152,167],"need":[100],"for":[101],"modality-specific":[102],"fine-tuning.":[104],"On":[105],"diverse":[106],"benchmarks":[107],"such":[108],"as":[109,164],"MM-SafetyBench,":[110],"JailbreakV-28k,":[111],"adversarial":[113],"audio":[114],"tests,":[115],"lowers":[117],"average":[119],"attack":[120,131],"success":[121],"by":[123],"than":[125],"97%":[126],"across":[127,130],"modalities":[128],"types.":[132],"empirical":[134],"evaluations":[135,154],"also":[136],"maintains":[140],"strong":[141],"utility":[142],"in":[143],"benign":[144],"inputs,":[145],"result":[147],"validated":[148],"through":[149],"both":[150],"automated":[151],"human":[153],"(via":[155],"13":[156],"trained":[157],"annotators).":[158],"Together,":[159],"these":[160],"results":[161],"highlight":[162],"generalizable":[168],"framework":[169],"improve":[171],"multimodal":[172],"LLM":[173],"safety.":[174]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-04-03T00:00:00"}