{"id":"https://openalex.org/W7160298659","doi":"https://doi.org/10.48550/arxiv.2605.01449","title":"VisInject: Disruption != Injection -- A Dual-Dimension Evaluation of Universal Adversarial Attacks on Vision-Language Models","display_name":"VisInject: Disruption != Injection -- A Dual-Dimension Evaluation of Universal Adversarial Attacks on Vision-Language Models","publication_year":2026,"publication_date":"2026-05-02","ids":{"openalex":"https://openalex.org/W7160298659","doi":"https://doi.org/10.48550/arxiv.2605.01449"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.01449","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.01449","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.01449","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5135382448","display_name":"Pang Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Liu, Pang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5071172709","display_name":"Yingjie Lao","orcid":"https://orcid.org/0000-0002-9413-2455"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lao, Yingjie","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5135382448"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.5759000182151794,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.5759000182151794,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.20360000431537628,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.03220000118017197,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8440999984741211},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.5730999708175659},{"id":"https://openalex.org/keywords/categorical-variable","display_name":"Categorical variable","score":0.5264000296592712},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.4650000035762787},{"id":"https://openalex.org/keywords/semantic-security","display_name":"Semantic security","score":0.3928999900817871},{"id":"https://openalex.org/keywords/modality","display_name":"Modality (human\u2013computer interaction)","score":0.37880000472068787},{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.3179999887943268}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8440999984741211},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6502000093460083},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.5730999708175659},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.5264000296592712},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.4650000035762787},{"id":"https://openalex.org/C204806902","wikidata":"https://www.wikidata.org/wiki/Q2333581","display_name":"Semantic security","level":5,"score":0.3928999900817871},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38960000872612},{"id":"https://openalex.org/C2780226545","wikidata":"https://www.wikidata.org/wiki/Q6888030","display_name":"Modality (human\u2013computer interaction)","level":2,"score":0.37880000472068787},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34929999709129333},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32589998841285706},{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.3179999887943268},{"id":"https://openalex.org/C108650721","wikidata":"https://www.wikidata.org/wiki/Q1783253","display_name":"Counterfactual thinking","level":2,"score":0.3075999915599823},{"id":"https://openalex.org/C2779623668","wikidata":"https://www.wikidata.org/wiki/Q7652842","display_name":"SwIPe","level":2,"score":0.3061000108718872},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.301800012588501},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.2870999872684479},{"id":"https://openalex.org/C164866538","wikidata":"https://www.wikidata.org/wiki/Q367351","display_name":"Cluster (spacecraft)","level":2,"score":0.2838999927043915},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.27869999408721924},{"id":"https://openalex.org/C2777267654","wikidata":"https://www.wikidata.org/wiki/Q3519023","display_name":"Test (biology)","level":2,"score":0.26669999957084656},{"id":"https://openalex.org/C48677424","wikidata":"https://www.wikidata.org/wiki/Q6888088","display_name":"Mode (computer interface)","level":2,"score":0.2529999911785126}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.01449","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.01449","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.01449","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.01449","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Universal":[0,68],"adversarial":[1,243],"attacks":[2],"on":[3,121,202],"aligned":[4],"multimodal":[5],"large":[6],"language":[7],"models":[8],"are":[9,172],"increasingly":[10],"reported":[11],"with":[12,116,134],"attack":[13,156],"success":[14],"rates":[15],"in":[16,108],"the":[17,21,44,52,122,127,135,162,178,235,248,254],"60-80%":[18],"range,":[19],"suggesting":[20],"visual":[22],"modality":[23],"is":[24,106],"highly":[25],"vulnerable":[26],"to":[27],"imperceptible":[28],"perturbations":[29],"as":[30,229],"a":[31,83,86,96,230],"prompt-injection":[32],"channel.":[33],"We":[34,62,233],"argue":[35],"that":[36,198],"this":[37],"number":[38],"conflates":[39],"two":[40,64,163],"distinct":[41],"events:":[42],"(i)":[43],"model's":[45],"output":[46],"was":[47,57],"perturbed":[48],"(Influence),":[49],"and":[50,71,80,158,190,253],"(ii)":[51],"attacker's":[53],"chosen":[54],"target":[55],"concept":[56],"actually":[58],"emitted":[59],"(Precise":[60],"Injection).":[61],"compose":[63],"existing":[65],"techniques":[66],"--":[67,73,238],"Adversarial":[69],"Attack":[70],"AnyAttack":[72],"under":[74],"an":[75,145],"$L_{inf}$":[76,219],"budget":[77],"of":[78,170],"16/255,":[79],"we":[81],"add":[82],"dual-axis":[84,250],"evaluation:":[85],"deterministic":[87],"Ratcliff-Obershelp":[88],"drift":[89],"score":[90],"for":[91,101],"Influence":[92],"(programmatic":[93],"baseline)":[94],"plus":[95],"4-tier":[97],"ordinal":[98],"categorical":[99],"none/weak/partial/confirmed":[100],"Precise":[102],"Injection.":[103],"The":[104,195],"judge":[105,251],"DeepSeek-V4-Pro":[107],"thinking":[109],"mode,":[110],"calibrated":[111],"against":[112],"Claude":[113],"Opus":[114],"4.7":[115],"Cohen's":[117],"$\u03ba$":[118],"=":[119,220],"0.77":[120],"injection":[123,188],"axis":[124],"(substantial":[125],"agreement);":[126],"entire":[128],"4475-entry":[129],"SHA-256":[130],"input":[131],"cache":[132,255],"ships":[133],"dataset":[136,237],"so":[137],"reviewers":[138],"can":[139],"re-derive":[140],"paper":[141],"numbers":[142],"bit-exact":[143],"without":[144],"API":[146],"key.":[147],"Across":[148],"6615":[149],"pairs":[150,171,225],"over":[151],"four":[152],"open":[153],"VLMs,":[154],"seven":[155,159],"prompts,":[157],"test":[160],"images,":[161,241],"axes":[164],"diverge":[165],"by":[166],"roughly":[167],"90$\\times$:":[168],"66.4%":[169],"programmatically":[173],"disturbed":[174],"(LLM-judged":[175],"46.6%":[176],"at":[177,218,256],"substantial-or-complete":[179],"tier),":[180],"but":[181],"only":[182,191],"0.756%":[183],"(50/6615)":[184],"reach":[185],"any":[186],"non-none":[187],"tier":[189],"0.030%":[192],"(2/6615)":[193],"verbatim.":[194],"few":[196],"injections":[197],"do":[199],"land":[200],"cluster":[201],"screenshot-":[203],"or":[204],"document-style":[205],"carriers":[206],"whose":[207],"semantics":[208],"already":[209],"invite":[210],"text":[211],"transcription.":[212],"BLIP-2":[213],"shows":[214],"\\emph{zero":[215],"detectable":[216],"drift}":[217],"16/255":[221],"across":[222],"all":[223],"2205":[224],"even":[226],"when":[227],"used":[228],"Stage-1":[231],"surrogate.":[232],"release":[234],"full":[236],"21":[239],"universal":[240],"147":[242],"photos,":[244],"6,615":[245],"response":[246],"pairs,":[247],"v3":[249],"results,":[252],"huggingface.co/datasets/jeffliulab/visinject.":[257]},"counts_by_year":[],"updated_date":"2026-05-06T06:10:43.113611","created_date":"2026-05-06T00:00:00"}