attack arXiv Feb 6, 2026 · 8w ago
Guowei Guan, Yurong Hao, Jiaming Zhang et al. · Nanyang Technological University · Alibaba Group
Cross-modal synchronized data poisoning attack that steers MLLM recommender systems to promote target items via attention-guided token-patch edits
Data Poisoning Attack Training Data Poisoning multimodalnlpvision
Multimodal large language models (MLLMs) are pushing recommender systems (RecSys) toward content-grounded retrieval and ranking via cross-modal fusion. We find that while cross-modal consensus often mitigates conventional poisoning that manipulates interaction logs or perturbs a single modality, it also introduces a new attack surface where synchronised multimodal poisoning can reliably steer fused representations along stable semantic directions during fine-tuning. To characterise this threat, we formalise cross-modal interactive poisoning and propose VENOMREC, which performs Exposure Alignment to identify high-exposure regions in the joint embedding space and Cross-modal Interactive Perturbation to craft attention-guided coupled token-patch edits. Experiments on three real-world multimodal datasets demonstrate that VENOMREC consistently outperforms strong baselines, achieving 0.73 mean ER@20 and improving over the strongest baseline by +0.52 absolute ER points on average, while maintaining comparable recommendation utility.
llm vlm multimodal Nanyang Technological University · Alibaba Group
ML Security Papers