Defeating Cerberus: Concept-Guided Privacy-Leakage Mitigation in Multimodal Language Models

Multimodal large language models (MLLMs) have demonstrated remarkable capabilities in processing and reasoning over diverse modalities, but their advanced abilities also raise significant privacy concerns, particularly regarding Personally Identifiable Information (PII) leakage. While relevant research has been conducted on single-modal language models to some extent, the vulnerabilities in the multimodal setting have yet to be fully investigated. In this work, we investigate these emerging risks with a focus on vision language models (VLMs), a representative subclass of MLLMs that covers the two modalities most relevant for PII leakage, vision and text. We introduce a concept-guided mitigation approach that identifies and modifies the model's internal states associated with PII-related content. Our method guides VLMs to refuse PII-sensitive tasks effectively and efficiently, without requiring re-training or fine-tuning. We also address the current lack of multimodal PII datasets by constructing various ones that simulate real-world scenarios. Experimental results demonstrate that the method can achieve an average refusal rate of 93.3% for various PII-related tasks with minimal impact on unrelated model performances. We further examine the mitigation's performance under various conditions to show the adaptability of our proposed method.

Key Contributions

Concept-guided weight editing approach that identifies and modifies VLM internal states associated with PII-related content to refuse PII-sensitive tasks without retraining or fine-tuning
Construction of multimodal PII datasets simulating real-world scenarios such as document scans and ID cards to address a gap in evaluation resources
Empirical demonstration of 93.3% average refusal rate across diverse PII-related tasks with minimal impact on unrelated model performance