ChartAttack: Testing the Vulnerability of LLMs to Malicious Prompting in Chart Generation

Multimodal large language models (MLLMs) are increasingly used to automate chart generation from data tables, enabling efficient data analysis and reporting but also introducing new misuse risks. In this work, we introduce ChartAttack, a novel framework for evaluating how MLLMs can be misused to generate misleading charts at scale. ChartAttack injects misleaders into chart designs, aiming to induce incorrect interpretations of the underlying data. Furthermore, we create AttackViz, a chart question-answering (QA) dataset where each (chart specification, QA) pair is labeled with effective misleaders and their induced incorrect answers. Experiments in in-domain and cross-domain settings show that ChartAttack significantly degrades the QA performance of MLLM readers, reducing accuracy by an average of 19.6 points and 14.9 points, respectively. A human study further shows an average 20.2 point drop in accuracy for participants exposed to misleading charts generated by ChartAttack. Our findings highlight an urgent need for robustness and security considerations in the design, evaluation, and deployment of MLLM-based chart generation systems. We make our code and data publicly available.

Key Contributions

• ChartAttack: first automated framework for jailbreaking MLLMs to generate misleading charts via systematically injected visualization design violations (misleaders)
• AttackViz: a multi-label chart QA dataset with structured annotations linking misleaders, chart specifications, and the incorrect answers each misleader induces
• Empirical evaluation showing ChartAttack reduces MLLM QA accuracy by 19.6 pp (in-domain) and 14.9 pp (cross-domain), and human accuracy by 20.2 pp

🛡️ Threat Analysis

Details

Similar Papers