Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks

Georgios Pantazopoulos; Amit Parekh; Malvina Nikandrou; Alessandro Suglia

Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks

Georgios Pantazopoulos, Amit Parekh, Malvina Nikandrou, Alessandro Suglia

School of Mathematical & Computer Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

70 Downloads (Pure)

Abstract

Augmenting Large Language Models (LLMs) with image-understanding capabilities has resulted in a boom of high-performing Vision-Language models (VLMs). While studying the alignment of LLMs to human values has received widespread attention, the safety of VLMs has not received the same attention. In this paper, we explore the impact of jailbreaking on three state-of-the-art VLMs, each using a distinct modeling approach. By comparing each VLM to their respective LLM backbone, we find that each VLM is more susceptible to jailbreaking. We consider this as an undesirable outcome from visual instruction-tuning, which imposes a forgetting effect on an LLM’s safety guardrails. Therefore, we provide recommendations for future work based on evaluation strategies that aim to highlight the weaknesses of a VLM, as well as take safety measures into account during visual instruction tuning.

Original language	English
Title of host publication	Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024
Editors	Tanvi Dinkar, Giuseppe Attanasio, Amanda Cercas Curry, Ioannis Konstas, Dirk Hovy, Verena Rieser
Publisher	European Language Resources Association
Pages	40-51
Number of pages	12
ISBN (Print)	9782493814449
Publication status	Published - 21 May 2024
Event	Joint International Conference on Computational Linguistics, Language Resources and Evaluation 2024 - Lingotto Conference Centre, Torino, Italy Duration: 20 May 2024 → 25 May 2024 https://lrec-coling-2024.org/

Conference

Conference	Joint International Conference on Computational Linguistics, Language Resources and Evaluation 2024
Abbreviated title	LREC-COLING 2024
Country/Territory	Italy
City	Torino
Period	20/05/24 → 25/05/24
Internet address	https://lrec-coling-2024.org/

Keywords

Jailbreak
Vision-Language Models
Visual Instruction Tuning

ASJC Scopus subject areas

Language and Linguistics
Education
Library and Information Sciences
Linguistics and Language

Access to Document

Download pdfFinal published version, 846 KBLicence: CC BY-NC

https://aclanthology.org/2024.safety4convai-1.5.pdfLicence: CC BY-NC

Cite this

Pantazopoulos, G., Parekh, A., Nikandrou, M., & Suglia, A. (2024). Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks. In T. Dinkar, G. Attanasio, A. C. Curry, I. Konstas, D. Hovy, & V. Rieser (Eds.), Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024 (pp. 40-51). European Language Resources Association. https://aclanthology.org/2024.safety4convai-1.5.pdf

Pantazopoulos, Georgios ; Parekh, Amit ; Nikandrou, Malvina et al. / Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks. Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024. editor / Tanvi Dinkar ; Giuseppe Attanasio ; Amanda Cercas Curry ; Ioannis Konstas ; Dirk Hovy ; Verena Rieser. European Language Resources Association, 2024. pp. 40-51

@inproceedings{86ec678578194c978f7d5565937a202f,

title = "Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks",

abstract = "Augmenting Large Language Models (LLMs) with image-understanding capabilities has resulted in a boom of high-performing Vision-Language models (VLMs). While studying the alignment of LLMs to human values has received widespread attention, the safety of VLMs has not received the same attention. In this paper, we explore the impact of jailbreaking on three state-of-the-art VLMs, each using a distinct modeling approach. By comparing each VLM to their respective LLM backbone, we find that each VLM is more susceptible to jailbreaking. We consider this as an undesirable outcome from visual instruction-tuning, which imposes a forgetting effect on an LLM{\textquoteright}s safety guardrails. Therefore, we provide recommendations for future work based on evaluation strategies that aim to highlight the weaknesses of a VLM, as well as take safety measures into account during visual instruction tuning.",

keywords = "Jailbreak, Vision-Language Models, Visual Instruction Tuning",

author = "Georgios Pantazopoulos and Amit Parekh and Malvina Nikandrou and Alessandro Suglia",

note = "Publisher Copyright: {\textcopyright} 2024 ELRA Language Resource Association.; Joint International Conference on Computational Linguistics, Language Resources and Evaluation 2024, LREC-COLING 2024 ; Conference date: 20-05-2024 Through 25-05-2024",

year = "2024",

month = may,

day = "21",

language = "English",

isbn = "9782493814449",

pages = "40--51",

editor = "Tanvi Dinkar and Giuseppe Attanasio and Curry, {Amanda Cercas} and Ioannis Konstas and Dirk Hovy and Verena Rieser",

booktitle = "Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024",

publisher = "European Language Resources Association",

url = "https://lrec-coling-2024.org/",

}

Pantazopoulos, G, Parekh, A, Nikandrou, M & Suglia, A 2024, Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks. in T Dinkar, G Attanasio, AC Curry, I Konstas, D Hovy & V Rieser (eds), Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024. European Language Resources Association, pp. 40-51, Joint International Conference on Computational Linguistics, Language Resources and Evaluation 2024, Torino, Italy, 20/05/24. <https://aclanthology.org/2024.safety4convai-1.5.pdf>

Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks. / Pantazopoulos, Georgios; Parekh, Amit; Nikandrou, Malvina et al.
Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024. ed. / Tanvi Dinkar; Giuseppe Attanasio; Amanda Cercas Curry; Ioannis Konstas; Dirk Hovy; Verena Rieser. European Language Resources Association, 2024. p. 40-51.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks

AU - Pantazopoulos, Georgios

AU - Parekh, Amit

AU - Nikandrou, Malvina

AU - Suglia, Alessandro

PY - 2024/5/21

Y1 - 2024/5/21

N2 - Augmenting Large Language Models (LLMs) with image-understanding capabilities has resulted in a boom of high-performing Vision-Language models (VLMs). While studying the alignment of LLMs to human values has received widespread attention, the safety of VLMs has not received the same attention. In this paper, we explore the impact of jailbreaking on three state-of-the-art VLMs, each using a distinct modeling approach. By comparing each VLM to their respective LLM backbone, we find that each VLM is more susceptible to jailbreaking. We consider this as an undesirable outcome from visual instruction-tuning, which imposes a forgetting effect on an LLM’s safety guardrails. Therefore, we provide recommendations for future work based on evaluation strategies that aim to highlight the weaknesses of a VLM, as well as take safety measures into account during visual instruction tuning.

AB - Augmenting Large Language Models (LLMs) with image-understanding capabilities has resulted in a boom of high-performing Vision-Language models (VLMs). While studying the alignment of LLMs to human values has received widespread attention, the safety of VLMs has not received the same attention. In this paper, we explore the impact of jailbreaking on three state-of-the-art VLMs, each using a distinct modeling approach. By comparing each VLM to their respective LLM backbone, we find that each VLM is more susceptible to jailbreaking. We consider this as an undesirable outcome from visual instruction-tuning, which imposes a forgetting effect on an LLM’s safety guardrails. Therefore, we provide recommendations for future work based on evaluation strategies that aim to highlight the weaknesses of a VLM, as well as take safety measures into account during visual instruction tuning.

KW - Jailbreak

KW - Vision-Language Models

KW - Visual Instruction Tuning

UR - http://www.scopus.com/inward/record.url?scp=85195410376&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85195410376

SN - 9782493814449

SP - 40

EP - 51

BT - Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024

A2 - Dinkar, Tanvi

A2 - Attanasio, Giuseppe

A2 - Curry, Amanda Cercas

A2 - Konstas, Ioannis

A2 - Hovy, Dirk

A2 - Rieser, Verena

PB - European Language Resources Association

T2 - Joint International Conference on Computational Linguistics, Language Resources and Evaluation 2024

Y2 - 20 May 2024 through 25 May 2024

ER -

Pantazopoulos G, Parekh A, Nikandrou M, Suglia A. Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks. In Dinkar T, Attanasio G, Curry AC, Konstas I, Hovy D, Rieser V, editors, Proceedings for the 3rd Workshop on Safety for Conversational AI, Safety4ConvAI 2024 at LREC-COLING 2024. European Language Resources Association. 2024. p. 40-51

Learning To See But Forgetting To Follow: Visual Instruction Tuning Makes LLMs More Prone To Jailbreak Attacks

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this