A survey of query-efficient model extraction attacks against commercial LLM APIs — how adversaries can reconstruct a functional shadow model using only input-output pairs, the commercial and security risks this creates, and the defences providers are deploying.
Researchers demonstrate that safety-aligned multimodal LLMs can be reliably jailbroken by encoding adversarial instructions as text within images, bypassing text-layer safety filters that do not process image content through the same moderation pipeline.
Recent research demonstrates that vision-language models including GPT-4V, Gemini Pro Vision, and open-source alternatives are highly susceptible to adversarial image perturbations, with attacks transferring across models at rates significantly higher than classical vision model attacks.
Research demonstrates that LLMs with large context windows can be reliably jailbroken by embedding hundreds of fictitious dialogues before the target request — a technique that scales with context length and bypasses standard safety training.
New research demonstrates that backdoor behaviours introduced into LLMs during fine-tuning can persist through subsequent safety alignment procedures, including RLHF and adversarial training, posing significant supply chain risks.