Wei Zhao (Singapore Management University), Zhe Li (Singapore Management University), Yige Li (Singapore Management University), Jun Sun (Singapore Management University)

Multimodal Large Language Models (MLLMs) have demonstrated impressive capabilities in cross-modal understanding, but remain vulnerable to adversarial attacks through visual inputs despite robust textual safety mechanisms. These vulnerabilities arise from two core weaknesses: the continuous nature of visual representations, which allows for gradient-based attacks, and the inadequate transfer of text-based safety mechanisms to visual content. We introduce Q-MLLM, a novel architecture that integrates two-level vector quantization to create a discrete bottleneck against adversarial attacks while preserving multimodal reasoning capabilities. By discretizing visual representations at both pixel-patch and semantic levels, Q-MLLM blocks attack pathways and bridges the cross-modal safety alignment gap. Our two-stage training methodology ensures robust learning while maintaining model utility. Experiments demonstrate that Q-MLLM achieves significantly better defense success rate against both jailbreak attacks and toxic image attacks than existing approaches. Notably, Q-MLLM achieves perfect defense success rate (100%) against jailbreak attacks except in one arguable case, while maintaining competitive performance on multiple utility benchmarks with minimal inference overhead. This work establishes vector quantization as an effective defense mechanism for secure multimodal AI systems without requiring expensive safety-specific fine-tuning or detection overhead.

View More Papers

AWE: Adaptive Agents for Dynamic Web Penetration Testing

Akshat Singh Jaswal (Stux Labs), Ashish Baghel (Stux Labs)

Read More

Hardfuzz: DataFlow-Guided On-Device Fuzzing for Microcontrollers (Registered Report)

Kai Feng (School of Computing Science, University of Glasgow), Jeremy Singer (School of Computing Science, University of Glasgow), Angelos K Marnerides (Dept. of Electrical & Computer Engineering, KIOS CoE, University of Cyprus)

Read More

ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits

Chen Chen (Texas A&M University, USA), Zaiyan Xu (Texas A&M University, USA), Mohamadreza Rostami (Technische Universitat Darmstadt, Germany), David Liu (Texas A&M University, USA), Dileep Kalathil (Texas A&M University, USA), Ahmad-Reza Sadeghi (Technische Universitat Darmstadt, Germany), Jeyavijayan (JV) Rajendran (Texas A&M University, USA)

Read More