survey 2026

Adversarial Attacks on Multimodal Large Language Models: A Comprehensive Survey

Bhavuk Jain 1, Sercan Ö. Arık 1, Hardeo K. Thakur 2

1 Google

2 Bennett University

0 citations · Transactions on Machine Learni...
α

Published on arXiv

2603.27918

Input Manipulation Attack

OWASP ML Top 10 — ML01

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

Identifies cross-modal vulnerabilities as key expanded attack surface in MLLMs, arising from complex interplay between modality fusion mechanisms and shared embedding spaces

Multimodal large language models (MLLMs) integrate information from multiple modalities such as text, images, audio, and video, enabling complex capabilities such as visual question answering and audio translation. While powerful, this increased expressiveness introduces new and amplified vulnerabilities to adversarial manipulation. This survey provides a comprehensive and systematic analysis of adversarial threats to MLLMs, moving beyond enumerating attack techniques to explain the underlying causes of model susceptibility. We introduce a taxonomy that organizes adversarial attacks according to attacker objectives, unifying diverse attack surfaces across modalities and deployment settings. Additionally, we also present a vulnerability-centric analysis that links integrity attacks, safety and jailbreak failures, control and instruction hijacking, and training-time poisoning to shared architectural and representational weaknesses in multimodal systems. Together, this framework provides an explanatory foundation for understanding adversarial behavior in MLLMs and informs the development of more robust and secure multimodal language systems.

Key Contributions

  • Introduces goal-driven taxonomy organizing MLLM adversarial attacks by attacker objectives across modalities
  • Provides vulnerability-centric analysis linking attack families to shared architectural and representational weaknesses
  • Systematically covers cross-modal prompt injection, fusion mechanism attacks, adversarial illusions, and training-time poisoning

🛡️ Threat Analysis

Input Manipulation Attack

Survey covers adversarial perturbations and adversarial illusions designed to cause misclassification or erroneous outputs at inference time across multimodal inputs.

Details

Domains
multimodalnlpvisionaudio
Model Types
llmvlmmultimodaltransformer
Threat Tags
white_boxgrey_boxblack_boxtraining_timeinference_time
Applications
visual question answeringimage captioningaudio-visual scene analysisrobotics
Read PDF arXiv

Similar Papers

defense

Robust Multimodal Safety via Conditional Decoding

2026 0 cit.
Input Manipulation Attack
80%
survey

The Persistent Vulnerability of Aligned AI Systems

2026 0 cit.
Input Manipulation Attack
78%
survey

Jailbreaking LLMs & VLMs: Mechanisms, Evaluation, and Unified Defense

2026 1 cit.
Input Manipulation Attack
75%
tool

OpenRT: An Open-Source Red Teaming Framework for Multimodal LLMs

2026 4 cit.
Input Manipulation Attack
72%
defense

CrossGuard: Safeguarding MLLMs against Joint-Modal Implicit Malicious Attacks

2025 0 cit.
Input Manipulation Attack
72%
attack

Adversarial Confusion Attack: Disrupting Multimodal Large Language Models

2025 1 cit.
Input Manipulation Attack
69%
defense

SmoothGuard: Defending Multimodal Large Language Models with Noise Perturbation and Clustering Aggregation

2025 0 cit.
Input Manipulation Attack
69%
defense

Understanding and Defending VLM Jailbreaks via Jailbreak-Related Representation Shift

2026 0 cit.
Input Manipulation Attack
68%