How a Seemingly Harmless Image Can Jailbreak Vision-Language AI Models
3 59Slashdot reader BrianFagioli writes: Florida International University researchers have developed a technique called JaiLIP (Jailbreaking with Loss-guided Image Perturbation) that uses subtle image modifications to bypass AI safety guardrails. Unlike traditional jailbreaks that rely on carefully crafted prompts, the attack works through images that appear normal to human viewers.
The researchers tested the technique against BLIP-2, a multimodal AI model, and found that manipulated images significantly increased the likelihood of harmful responses. According to the study, the approach outperformed previous image-based jailbreak methods and nearly doubled the number of unsafe outputs generated during testing.
The findings highlight a potential security risk for businesses deploying AI systems that process both images and text. While most discussions about AI safety focus on prompts, the research suggests that seemingly harmless images may also serve as an attack vector.
3 comments
Re:Jailbreaking will never get fixed (Score: 5, Interesting)
by dfghjk ( 711126 ) on Saturday June 27, 2026 @07:27PM (#66213446)
How do you know it's generative AI?
This article links to another article, published presumably for profit, which links to an article that requires a subscription. It's just business promotion for a /. member, there's no information here or anything to discuss.
"Obviously, using a tool outside of what it can do well will usually do more damage than good."
What does the tool do well? We don't know, we haven't been told anything about the tool. And what damage or good can it do? An AI can do no damage unless it's wired to do damage. AI is just software, completely deterministic. Can Excel do damage? Even when used to do things it doesn't do well? The threat of AI is the people who try to exploit something poorly designed to do things they don't understand. So what if AI hallucinates, the possibility of harm doesn't come from AI, it comes from using its outputs to do harm.
Re: single pixel attacks (Score: 5, )
by cathector ( 972646 ) on Saturday June 27, 2026 @09:12PM (#66213554)
wups, /. filtered out my angle-brackets. ... from "99% sure it's (the right thing)" to "99% sure it's (something not even close to the right thing)" ...
should read:
What is a "harmful response?" (Score: 5, Insightful)
by LondoMollari ( 172563 ) on Saturday June 27, 2026 @09:31PM (#66213570)
What is a "harmful response" and since when is having the sum total of human knowledge being instantly searchable "harmful?" All of this information is already freely available on the internet and in libraries. We used to say that "information wants to be free" but now that we have a tool that can do just that, we have a society that is intent on locking everything down with "governance" and "guardrails." And the best part? China is out here making and releasing the same type of advanced AIs sans guardrails for all to download. Now what?