Omni-Safety under Cross-Modality Conflict: Vulnerabilities, Dynamics Mechanisms and Efficient Alignment

Omni-modal Large Language Models (OLLMs) greatly expand LLMs' multimodal capabilities but also introduce cross-modal safety risks. However, a systematic understanding of vulnerabilities in omni-modal interactions remains lacking. To bridge this gap, we establish a modality-semantics decoupling principle and construct the AdvBench-Omni dataset, which reveals a significant vulnerability in OLLMs. Mechanistic analysis uncovers a Mid-layer Dissolution phenomenon driven by refusal vector magnitude shrinkage, alongside the existence of a modal-invariant pure refusal direction. Inspired by these insights, we extract a golden refusal vector using Singular Value Decomposition and propose OmniSteer, which utilizes lightweight adapters to modulate intervention intensity adaptively. Extensive experiments show that our method not only increases the Refusal Success Rate against harmful inputs from 69.9% to 91.2%, but also effectively preserves the general capabilities across all modalities. Our code is available at: https://github.com/zhrli324/omni-safety-research.

Key Contributions

• Establishes a modality-semantics decoupling principle and constructs AdvBench-Omni to systematically characterize cross-modal safety vulnerabilities in omni-modal LLMs
• Identifies the Mid-layer Dissolution phenomenon — refusal behavior collapses due to refusal vector magnitude shrinkage under cross-modal conflict — and discovers a modal-invariant pure refusal direction
• Proposes OmniSteer, which uses SVD to extract a golden refusal vector and lightweight adapters to adaptively amplify intervention intensity, improving Refusal Success Rate from 69.9% to 91.2%

🛡️ Threat Analysis

Details

Similar Papers