Security researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems.
In a research paper published this week, researchers from Xidian University described a technique called “CrossMPI,” which uses nearly imperceptible image perturbations to alter how large vision-language models (LVLMs) process both visual and textual inputs.
“CrossMPI can steer the model’s interpretation of both textual and visual inputs via image-only prompt injection,” the researchers wrote in the paper.
Unlike traditi...