Conference item
FORCE: transferable visual jailbreaking attacks via Feature Over-Reliance CorrEction
- Abstract:
-
The integration of new modalities enhances the capabilities of multimodal large language models (MLLMs) but also introduces additional vulnerabilities. In particular, simple visual jailbreaking attacks can manipulate open-source MLLMs more readily than sophisticated textual attacks. However, these underdeveloped attacks exhibit extremely limited cross-model transferability, failing to reliably identify vulnerabilities in closed-source MLLMs. In this work, we analyse the loss landscape of these jailbreaking attacks and find that the generated attacks tend to reside in highsharpness regions, whose effectiveness is highly sensitive to even minor parameter changes during transfer. To further explain the high-sharpness localisations, we analyse their feature representations in both the intermediate layers and the spectral domain, revealing an improper reliance on narrow layer representations and semantically poor frequency components. Building on this, we propose a Feature OverReliance CorrEction (FORCE) method, which guides the attack to explore broader feasible regions across layer features and rescales the influence of frequency features according to their semantic content. By eliminating non-generalizable reliance on both layer and spectral features, our method discovers flattened feasible regions for visual jailbreaking attacks, thereby improving cross-model transferability. Extensive experiments demonstrate that our approach effectively facilitates visual red-teaming evaluations against closedsource MLLMs. Our implementation is released at https: //github.com/tmllab/2026_CVPR_FORCE.
- Publication status:
- Accepted
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Accepted manuscript, pdf, 1.4MB, Terms of use)
-
Authors
- Funder identifier:
- https://ror.org/0439y7842
- Grant:
- EP/W002981/1
- Publisher:
- IEEE
- Acceptance date:
- 2026-02-21
- Event title:
- Conference on Computer Vision and Pattern Recognition (CVPR 2026)
- Event location:
- Denver, Colorado, USA
- Event website:
- https://cvpr.thecvf.com/Conferences/2026
- Event start date:
- 2026-06-03
- Event end date:
- 2026-06-07
- Language:
-
English
- Pubs id:
-
2383919
- Local pid:
-
pubs:2383919
- Deposit date:
-
2026-03-03
- ARK identifier:
Terms of use
- Rights statement:
- This article is protected by copyright. All rights reserved.
- Notes:
- The author accepted manuscript (AAM) of this paper has been made available under the University of Oxford's Open Access Publications Policy, and a CC BY public copyright licence has been applied.
- Licence:
- CC Attribution (CC BY)
If you are the owner of this record, you can report an update to it here: Report update to this record