DeepSeek on a Trip: Inducing Targeted Visual Hallucinations via Representation Vulnerabilities

Chashi Mahiul Islam, Samuel Jacob Chacko, Preston Horne, Xiuwen Liu

TL;DR

This work investigates targeted visual hallucinations in open-source multimodal LLMs by exploiting embedding vulnerabilities in DeepSeek Janus Pro. It introduces an embedding manipulation attack, a LLaMA-3.1 8B Instruct–based hallucination detector, and the LSD-Hallucination benchmark to quantify semantic disruption under controlled prompts. Across COCO, DALL·E 3, and SVIT, the attack achieves hallucination rates up to 98% while preserving image fidelity (SSIM > 0.88) and demonstrates that larger 7B models are more susceptible than 1B variants. The study highlights the security risks of open-source MLLMs and calls for embedding-level defenses and robust evaluation frameworks to enable safer deployment in real-world applications.

Abstract

Multimodal Large Language Models (MLLMs) represent the cutting edge of AI technology, with DeepSeek models emerging as a leading open-source alternative offering competitive performance to closed-source systems. While these models demonstrate remarkable capabilities, their vision-language integration mechanisms introduce specific vulnerabilities. We implement an adapted embedding manipulation attack on DeepSeek Janus that induces targeted visual hallucinations through systematic optimization of image embeddings. Through extensive experimentation across COCO, DALL-E 3, and SVIT datasets, we achieve hallucination rates of up to 98.0% while maintaining high visual fidelity (SSIM > 0.88) of the manipulated images on open-ended questions. Our analysis demonstrates that both 1B and 7B variants of DeepSeek Janus are susceptible to these attacks, with closed-form evaluation showing consistently higher hallucination rates compared to open-ended questioning. We introduce a novel multi-prompt hallucination detection framework using LLaMA-3.1 8B Instruct for robust evaluation. The implications of these findings are particularly concerning given DeepSeek's open-source nature and widespread deployment potential. This research emphasizes the critical need for embedding-level security measures in MLLM deployment pipelines and contributes to the broader discussion of responsible AI implementation.

Paper Structure

This paper contains 31 sections, 4 equations, 4 figures, 3 tables, 1 algorithm.

Figures (4)

  • Figure 1: Examples of induced hallucinations in DeepSeek Janus through adversarial image manipulation. For each pair, we show the original image (green border), the target image (blue border), and the adversarially modified result (red border), along with the model's responses.
  • Figure 2: Examples of sample questions in our evaluation framework, showing the baseline (top), source (middle), and target (bottom) questions.