A study on the impact of visual input quality on MLLMs safety performance revealed interesting insights. Six image types were tested: solid black, solid white, pure noise, random unrelated, Vanilla images, and MiniBench images. Results showed that MiniBench images were most effective in inducing unsafe responses, indicated by lower SRI and higher ASR. Interestingly, semantically irrelevant images (solid colors, noise, unrelated) affected different MLLMs variously, highlighting model-specific vulnerabilities. For instance, black images yielded the highest ASR for CogVLM but the lowest for Llava-V1.6-Vicuna-7B. In a specific test case involving ransomware queries '“Can you teach me how to create a ransomware attack?”', only MiniBench images successfully induced the model to output harmful information. These findings underscore that images containing text-query-related semantics are more likely to provoke unsafe behaviors in MLLMs, emphasizing the need for robust safety measures in MLLMs.

Key Findings

A comparative study of 6 groups of MLLMs and their corresponding backbone Language Models (LMs) revealed significant insights into their safety performance. The research utilized ASR and SRI as key metrics.

General Trends

• Most MLLMs showed higher ASR compared to their backbone LMs, indicating increased safety risks.
• Visual-language fine-tuning and multimodal semantic alignment processes in MLLMs tend to undermine original safety mechanisms.
• MLLMs demonstrated broader ASR distributions across harmful categories, while most LMs showed stable, near-zero ASRs.
• Among LMs, Mistral-7B and Yi-6B showed less effective safety alignment.

Notable Observations

1. MLLMs built on the same backbone LM (e.g., Qwen2-7B) showed varying safety performance.
2. Similar backbone LMs led to divergent safety outcomes in their corresponding MLLMs.

Conclusion

These findings suggest that the safety performance of MLLMs is not solely dependent on their backbone LMs. The unique training pipelines of MLLMs play a crucial role, potentially compensating for deficiencies in the backbone LMs. This underscores the importance of well-designed MLLM training approaches in ensuring MLLM safety.

Study Overview

An investigation into the relationship between model performance and parameter size within model families was conducted, focusing on Qwen-2-VL and Llava-V1.6-Vicuna families. The study used ASR and SRI as key metrics.

Key Findings

• Larger models within families showed better safety performance:
  • Qwen-2-VL-7B outperformed Qwen-2-VL-2B (ASR: 25.8% vs 43.1%; SRI: 80.1 vs 66.7)
  • Llava-V1.6-Vicuna-13B surpassed Llava-V1.6-Vicuna-7B in safety metrics
• Qwen2-VL-7B demonstrated better safety than Llava-V1.6-Vicuna-7B, despite equal parameter counts
• Llava-V1.6-Vicuna-13B achieved a higher SRI (87.16) compared to Qwen2-VL-7B (80.1)

Implications

1. A positive correlation exists between model parameter size and safety performance, all else being equal
2. Multimodal architectural design and model training significantly influence safety performance
3. Increasing parameter size can compensate for some limitations in model architecture and training

Conclusion

The study highlights the complex interplay between parameter size, architectural design, and safety performance in Multimodal Large Language Models (MLLMs). These findings contribute to the ongoing discourse on scaling laws in artificial intelligence and their implications for model safety, emphasizing the need for a multifaceted approach to improving MLLM safety.