
New image attack targets multimodal AI
TL;DR: Researchers have developed a new attack called CrossMPI that targets multimodal AI models. It uses nearly invisible changes in images to manipulate how the AI interprets both visual and text inputs. This technique bypasses safety measures without altering the original text prompt, creating new security risks.
Key facts
- Category: Cybersecurity
- Impact: Low
- Published:
- Source: CSO Online
Full summary
A new attack uses imperceptible image changes to manipulate multimodal AI models, bypassing security measures without altering the user's original text prompt.
Security researchers have developed a new attack method called "CrossMPI" that targets multimodal AI models. This technique uses nearly imperceptible changes to an image to manipulate how a large vision-language model (LVLM) processes user instructions. Unlike traditional prompt injection, the attack doesn't modify the text prompt. Instead, hidden instructions within the image's pixels can override or alter the model's interpretation of both the visual and textual inputs. This allows an attacker to secretly control the AI's behavior and output, even when the user's text prompt is completely benign.
This image-based attack represents a significant security risk for AI agents and other systems that rely on both vision and language. Because the malicious payload is hidden in the image, it can bypass security filters that are designed to scan and sanitize text-based prompts. This makes the attack stealthy and difficult to detect with current safety measures. The vulnerability demonstrates that as AI models become more complex and multimodal, their attack surfaces also expand. It highlights an urgent need for developers and security teams to create more robust defense mechanisms that can analyze all input types for hidden threats, not just text.
Primary source: CSO Online