AI Safety in Practice: Enhancing Adversarial Robustness in Multimodal Image Captioning

Maisha Binte Rashid, Pablo Rivas

TL;DR

The paper tackles adversarial vulnerability in multimodal image captioning by applying FGSM-based perturbations with magnitude $\epsilon = 0.1$ and conducting adversarial training, with a key finding that focusing training on the text decoder yields robustness close to full-model training while reducing computation. Through ViT-GPT-2 architecture evaluations on Flickr8k and COCO, the authors demonstrate a favorable robustness–efficiency trade-off when adversarial training targets the GPT-2 decoder while keeping the ViT encoder fixed. Adversarial training improves resilience to attacks but does not fully match clean-data performance; the text-decoder-focused approach delivers near-baseline accuracy, validating a practical defense strategy for safer, more scalable multimodal AI. The results support ethically deploying multimodal systems by enabling safer captioning under adversarial conditions with lower training costs and faster iteration loops.

Abstract

Multimodal machine learning models that combine visual and textual data are increasingly being deployed in critical applications, raising significant safety and security concerns due to their vulnerability to adversarial attacks. This paper presents an effective strategy to enhance the robustness of multimodal image captioning models against such attacks. By leveraging the Fast Gradient Sign Method (FGSM) to generate adversarial examples and incorporating adversarial training techniques, we demonstrate improved model robustness on two benchmark datasets: Flickr8k and COCO. Our findings indicate that selectively training only the text decoder of the multimodal architecture shows performance comparable to full adversarial training while offering increased computational efficiency. This targeted approach suggests a balance between robustness and training costs, facilitating the ethical deployment of multimodal AI systems across various domains.
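The decoder-only adversarial training summarized above can be sketched on a toy model. This is an added example, not the paper's code: a frozen linear map stands in for the ViT encoder, a logistic head for the GPT-2 decoder, and the data, `E`, and all function names are constructed for illustration; only $\epsilon = 0.1$ comes from the page.

```python
import math, random

EPS = 0.1  # FGSM magnitude stated in the TL;DR

# Assumption: a frozen linear map stands in for the ViT encoder and a
# logistic head for the GPT-2 decoder; labels y are -1 or +1.
E = [[1.0, 0.0, 0.0, 0.5], [0.0, 1.0, 0.5, 0.0], [0.0, 0.0, 1.0, 1.0]]

def encode(x):
    return [sum(e * xi for e, xi in zip(row, x)) for row in E]

def margin(w, x, y):
    return y * sum(wi * hi for wi, hi in zip(w, encode(x)))

def loss(w, x, y):
    return math.log1p(math.exp(-margin(w, x, y)))

def fgsm(w, x, y, eps=EPS):
    # dL/dx is a positive multiple of -y * E^T w; FGSM keeps only its sign.
    g = [-y * sum(w[j] * E[j][i] for j in range(len(w))) for i in range(len(x))]
    return [xi + eps * ((gi > 0) - (gi < 0)) for xi, gi in zip(x, g)]

def adv_train_decoder(data, epochs=30, lr=0.1):
    w = [0.0] * len(E)  # decoder weights: the only trained parameters
    for _ in range(epochs):
        for x, y in data:
            xa = fgsm(w, x, y)  # gradient reaches the input through the frozen encoder
            s = 1.0 / (1.0 + math.exp(margin(w, xa, y)))  # sigmoid(-margin)
            w = [wi + lr * y * s * hi for wi, hi in zip(w, encode(xa))]
    return w

def make_data(n=40, seed=0):
    # Constructed sample data: class y sits near y * (1, 1, 1, 1).
    rng = random.Random(seed)
    ys = [rng.choice((-1, 1)) for _ in range(n)]
    return [([y + rng.uniform(-0.2, 0.2) for _ in range(4)], y) for y in ys]

def mean_adv_loss(w, data):
    return sum(loss(w, fgsm(w, x, y), y) for x, y in data) / len(data)

if __name__ == "__main__":
    data = make_data()
    w = adv_train_decoder(data)
    print("adversarial loss, untrained decoder:", mean_adv_loss([0.0] * 3, data))
    print("adversarial loss, adversarially trained decoder:", mean_adv_loss(w, data))
```

Because the toy model is linear, FGSM is the exact worst-case perturbation within the $\epsilon$ bound here; for the real ViT-GPT-2 model it is only a first-order approximation.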

Paper Structure (14 sections, 2 equations, 3 tables)