With the rapid advancements in Multimodal Large Language Models (MLLMs), securing these models against malicious inputs while aligning them with human values has emerged as a critical challenge. In this paper, we investigate an important and unexplored question: whether techniques that successfully jailbreak Large Language Models (LLMs) can be equally effective in jailbreaking MLLMs. To explore this issue, we introduce JailBreakV-28K, a pioneering benchmark designed to assess the transferability of LLM jailbreak techniques to MLLMs, thereby evaluating the robustness of MLLMs against diverse jailbreak attacks. Utilizing a dataset of 2,000 malicious queries that is also proposed in this paper, we generate 20,000 text-based jailbreak prompts using advanced jailbreak attacks on LLMs, alongside 8,000 image-based jailbreak inputs from recent MLLM jailbreak attacks. Our comprehensive dataset includes 28,000 test cases across a spectrum of adversarial scenarios. Our evaluation of 10 open-source MLLMs reveals a notably high Attack Success Rate (ASR) for attacks transferred from LLMs, highlighting a critical vulnerability in MLLMs that stems from their text-processing capabilities. Our findings underscore the urgent need for future research to address alignment vulnerabilities in MLLMs from both textual and visual inputs.