Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink
Yining Wang, Mi Zhang, Junjie Sun, Chenyue Wang, Min Yang, Hui Xue, Jialing Tao, Ranjie Duan, Jiexi Liu
TL;DR
Mirage in the Eyes analyzes how attention sink in multimodal LLMs contributes to hallucinations and demonstrates a novel attack that manipulates attention sinks to induce erroneous content. The method does not rely on predefined targets and achieves high transferability, bypassing multiple mitigation strategies and affecting commercial APIs like GPT-4o and Gemini. By coupling attention dynamics with hidden-state embeddings, the attack increases hallucinated content while maintaining observable response quality, highlighting critical vulnerabilities in current instruction-tuning pipelines. The work motivates development of robust defenses such as adversarial purification and revised instruction-tuning to ensure faithful and reliable multimodal reasoning in real-world deployments.
Abstract
Fusing visual understanding into language generation, Multi-modal Large Language Models (MLLMs) are revolutionizing visual-language applications. Yet, these models are often plagued by the hallucination problem, which involves generating inaccurate objects, attributes, and relationships that do not match the visual content. In this work, we delve into the internal attention mechanisms of MLLMs to reveal the underlying causes of hallucination, exposing the inherent vulnerabilities in the instruction-tuning process. We propose a novel hallucination attack against MLLMs that exploits attention sink behaviors to trigger hallucinated content with minimal image-text relevance, posing a significant threat to critical downstream applications. Distinguished from previous adversarial methods that rely on fixed patterns, our approach generates dynamic, effective, and highly transferable visual adversarial inputs, without sacrificing the quality of model responses. Comprehensive experiments on 6 prominent MLLMs demonstrate the efficacy of our attack in compromising black-box MLLMs even with extensive mitigating mechanisms, as well as the promising results against cutting-edge commercial APIs, such as GPT-4o and Gemini 1.5. Our code is available at https://huggingface.co/RachelHGF/Mirage-in-the-Eyes.
