S0084Critical

多模態提示注入

Operation & Monitoring

Risk Description

Attackers hide malicious instructions in non-text modalities such as images, audio, or video, exploiting multi-modal models understanding capabilities to trigger prompt injection. For example, embedding human-invisible but model-readable text instructions in images, or mixing hidden commands in ultrasonic frequency ranges in audio. As existing defenses primarily target text prompts, multi-modal injection often bypasses safety filters.

Framework Mappings

iso 23894R2
cosaiPrompt Injection
owasp llmLLM01
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 跨模態安全掃描
  • 輸入標準化處理

Implementation Steps English translation pending

  1. 對所有模態的輸入進行安全掃描,不僅限於文字
  2. 實施輸入標準化處理(如圖片重新編碼、音訊降噪)以消除隱藏內容
  3. 部署跨模態指令偵測器,識別非文字模態中的文字指令模式
  4. 在模態融合前進行獨立安全驗證