Poisoning Prompt-Guided Sampling in Video Large Language Models

Video Large Language Models (VideoLLMs) have emerged as powerful tools for understanding videos, supporting tasks such as summarization, captioning, and question answering. Their performance has been driven by advances in frame sampling, progressing from uniform-based to semantic-similarity-based and, most recently, prompt-guided strategies. While vulnerabilities have been identified in earlier sampling strategies, the safety of prompt-guided sampling remains unexplored. We close this gap by presenting PoisonVID, the first black-box poisoning attack that undermines prompt-guided sampling in VideoLLMs. PoisonVID compromises the underlying prompt-guided sampling mechanism through a closed-loop optimization strategy that iteratively optimizes a universal perturbation to suppress harmful frame relevance scores, guided by a depiction set constructed from paraphrased harmful descriptions leveraging a shadow VideoLLM and a lightweight language model, i.e., GPT-4o-mini. Comprehensively evaluated on three prompt-guided sampling strategies and across three advanced VideoLLMs, PoisonVID achieves 82% - 99% attack success rate, highlighting the importance of developing future advanced sampling strategies for VideoLLMs.

Key Contributions

• PoisonVID: first black-box attack targeting prompt-guided frame sampling in VideoLLMs, using universal perturbations to suppress harmful frame relevance scores
• Closed-loop optimization strategy guided by a depiction set constructed from paraphrased harmful descriptions via a shadow VideoLLM and GPT-4o-mini
• Comprehensive evaluation across three PGS strategies (DKS, AKS, FRAG) and three VideoLLMs demonstrating 82–99% attack success rate

🛡️ Threat Analysis

Details

Similar Papers