Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

VLSBench: Unveiling Visual Leakage in Multimodal Safety

Xuhao Hu, Dongrui Liu, Hao Li, Xuanjing Huang, Jing Shao

TL;DR

VSIL reveals that safety judgments in multimodal models can be derived from textual cues alone, exposing unreliable cross-modal evaluations. To address this, the authors build VLSBench, a leakage-free 2.2k image-text dataset and data-generation pipeline that detoxifies harmful textual queries and pairs them with safe, matched images, enabling faithful cross-modal safety assessment. Through extensive experiments comparing textual SFT against multimodal alignment, they find textual approaches can rival multimodal ones on VSIL-affected benchmarks, while multimodal alignment shines in VSIL-free contexts. The work underscores the need for dedicated multimodal safety alignment and provides a practical benchmark and methodology to drive future improvements, with broad implications for evaluating and deploying safe MLLMs in real-world settings.

Abstract

Safety concerns of Multimodal large language models (MLLMs) have gradually become an important problem in various applications. Surprisingly, previous works indicate a counterintuitive phenomenon that using textual unlearning to align MLLMs achieves comparable safety performances with MLLMs aligned with image text pairs. To explain such a phenomenon, we discover a Visual Safety Information Leakage (VSIL) problem in existing multimodal safety benchmarks, i.e., the potentially risky content in the image has been revealed in the textual query. Thus, MLLMs can easily refuse these sensitive image-text pairs according to textual queries only, leading to unreliable cross-modality safety evaluation of MLLMs. We also conduct a further comparison experiment between textual alignment and multimodal alignment to highlight this drawback. To this end, we construct multimodal Visual Leakless Safety Bench (VLSBench) with 2.2k image-text pairs through an automated data pipeline. Experimental results indicate that VLSBench poses a significant challenge to both open-source and close-source MLLMs, e.g., LLaVA, Qwen2-VL and GPT-4o. Besides, we empirically compare textual and multimodal alignment methods on VLSBench and find that textual alignment is effective enough for multimodal safety scenarios with VSIL, while multimodal alignment is preferable for safety scenarios without VSIL. Code and data are released under https://github.com/AI45Lab/VLSBench

VLSBench: Unveiling Visual Leakage in Multimodal Safety

TL;DR

VSIL reveals that safety judgments in multimodal models can be derived from textual cues alone, exposing unreliable cross-modal evaluations. To address this, the authors build VLSBench, a leakage-free 2.2k image-text dataset and data-generation pipeline that detoxifies harmful textual queries and pairs them with safe, matched images, enabling faithful cross-modal safety assessment. Through extensive experiments comparing textual SFT against multimodal alignment, they find textual approaches can rival multimodal ones on VSIL-affected benchmarks, while multimodal alignment shines in VSIL-free contexts. The work underscores the need for dedicated multimodal safety alignment and provides a practical benchmark and methodology to drive future improvements, with broad implications for evaluating and deploying safe MLLMs in real-world settings.

Abstract

Safety concerns of Multimodal large language models (MLLMs) have gradually become an important problem in various applications. Surprisingly, previous works indicate a counterintuitive phenomenon that using textual unlearning to align MLLMs achieves comparable safety performances with MLLMs aligned with image text pairs. To explain such a phenomenon, we discover a Visual Safety Information Leakage (VSIL) problem in existing multimodal safety benchmarks, i.e., the potentially risky content in the image has been revealed in the textual query. Thus, MLLMs can easily refuse these sensitive image-text pairs according to textual queries only, leading to unreliable cross-modality safety evaluation of MLLMs. We also conduct a further comparison experiment between textual alignment and multimodal alignment to highlight this drawback. To this end, we construct multimodal Visual Leakless Safety Bench (VLSBench) with 2.2k image-text pairs through an automated data pipeline. Experimental results indicate that VLSBench poses a significant challenge to both open-source and close-source MLLMs, e.g., LLaVA, Qwen2-VL and GPT-4o. Besides, we empirically compare textual and multimodal alignment methods on VLSBench and find that textual alignment is effective enough for multimodal safety scenarios with VSIL, while multimodal alignment is preferable for safety scenarios without VSIL. Code and data are released under https://github.com/AI45Lab/VLSBench

Paper Structure

This paper contains 72 sections, 7 equations, 23 figures, 17 tables.

Table of Contents

  1. Introduction
  2. Visual Leakage in Multimodal Safety
  3. Visual Safety Information Leakage (VSIL)
  4. Definition.
  5. Quantitative Verification.
  6. Qualitative Verification.
  7. The Drawback of VSIL Problem
  8. Experimental Setup
  9. Models.
  10. Safety Alignment Methods.
  11. Evaluation.
  12. Experimental Results and Analysis
  13. Simplest textual SFT exhibit similar safety performance on datasets with VSIL compared with multimodal alignment.
  14. Textual alignment matches multimodal alignment in general ability.
  15. Existing safety datasets are not challenging enough due to VSIL
  16. ...and 57 more sections

Figures (23)

  • Figure 1: The existing visual safety information leakage (VSIL) problem leads to a shortcut alignment that simple textual alignment matches multimodal alignment in multimodal safety. Otherwise, VLSBench discourages textual alignment and motivates more dedicated multimodal alignment methods to better address this challenging task. The red bar shows evaluation results separately on the raw and jailbreak set of JailbreakV jailbreakv, a typical dataset with VSIL. The green bar shows evaluation results on VLSBench.
  • Figure 2: Four examples in current benchmarks to showcase the problem of visual safety information leakage. The leakage information from visual to textual is marked as red.
  • Figure 3: Safety taxonomy of our VLSBench.
  • Figure 4: The Detailed statistics of our VLSBench across 6 categories and 19 sub-categories
  • Figure 5: Overview of VLSBench construction pipeline. Our pipeline successfully prevents visual safety leakage. This pipeline includes four steps: (a) Harmful query and image description generation. (b) Mitigating visual leakage from the textual harmful query. (c) Iterative image generation from image description. (d) Final filtration ensures image-text pairs are matched and harmful.
  • ...and 18 more figures