DefenSee: Dissecting Threat from Sight and Text -- A Multi-View Defensive Pipeline for Multi-modal Jailbreaks
Zihao Wang, Kar Wai Fok, Vrizlynn L. L. Thing
TL;DR
DefenSee presents a modular, inference-time defense for multi-modal jailbreaks in MLLMs by combining robust image content analysis, image variant transcription, and cross-modal consistency checks. The approach leverages human-like threat assessment and a defense prompt fusion to detect and neutralize cross-modal attacks without retraining. Empirical results on MM-SafetyBench and MM-Vet demonstrate markedly lower ASR and favorable over-defense trade-offs compared with state-of-the-art baselines, while maintaining benign performance. The work offers a practical, model-agnostic solution with scalable deployment potential and outlines future directions for extending to broader adversarial settings.
Abstract
Multi-modal large language models (MLLMs), capable of processing text, images, and audio, have been widely adopted in various AI applications. However, recent MLLMs integrating images and text remain highly vulnerable to coordinated jailbreaks. Existing defenses primarily focus on the text, lacking robust multi-modal protection. As a result, studies indicate that MLLMs are more susceptible to malicious or unsafe instructions, unlike their text-only counterparts. In this paper, we proposed DefenSee, a robust and lightweight multi-modal black-box defense technique that leverages image variants transcription and cross-modal consistency checks, mimicking human judgment. Experiments on popular multi-modal jailbreak and benign datasets show that DefenSee consistently enhances MLLM robustness while better preserving performance on benign tasks compared to SOTA defenses. It reduces the ASR of jailbreak attacks to below 1.70% on MiniGPT4 using the MM-SafetyBench benchmark, significantly outperforming prior methods under the same conditions.