[2603.29418] Adversarial Prompt Injection Attack on Multimodal Large Language Models

Computer Science > Computer Vision and Pattern Recognition arXiv:2603.29418 (cs) [Submitted on 31 Mar 2026] Title:Adversarial Prompt Injection Attack on Multimodal Large Language Models Authors:Meiwen Ding, Song Xia, Chenqi Kong, Xudong Jiang View a PDF of the paper titled Adversarial Prompt Injection Attack on Multimodal Large Language Models, by Meiwen Ding and 3 other authors View PDF HTML (experimental) Abstract:Although multimodal large language models (MLLMs) are increasingly deployed in real-world applications, their instruction-following behavior leaves them vulnerable to prompt injection attacks. Existing prompt injection methods predominantly rely on textual prompts or perceptible visual prompts that are observable by human users. In this work, we study imperceptible visual prompt injection against powerful closed-source MLLMs, where adversarial instructions are embedded in the visual modality. Our method adaptively embeds the malicious prompt into the input image via a bounded text overlay to provide semantic guidance. Meanwhile, the imperceptible visual perturbation is iteratively optimized to align the feature representation of the attacked image with those of the malicious visual and textual targets at both coarse- and fine-grained levels. Specifically, the visual target is instantiated as a text-rendered image and progressively refined during optimization to more faithfully represent the desired semantics and improve transferability. Extensive experiments on...