MLingualFC: Evaluating Jailbreak Vulnerabilities in Multilingual Vision-Language Models

· Source: Paper Index on ACL Anthology · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

MLingualFC is a new multilingual multimodal benchmark designed to assess jailbreak vulnerabilities in Vision-Language Models (VLMs) using structured flowchart representations. This benchmark encodes harmful instructions into flowchart images across five languages: Hindi, Punjabi, Spanish, Romanian, and German. Researchers evaluated state-of-the-art multilingual VLMs, including Qwen2.5-VL, Gemma-4, and Pangea, under a black-box threat model. The findings reveal significant multilingual safety gaps; flowchart-based attacks achieved high attack success rates (ASR) in Latin script languages, demonstrating that visually encoded harmful content effectively bypasses safety alignment. Conversely, non-Latin script languages like Punjabi exhibited substantially lower ASR, suggesting limitations in visual text recognition rather than robust safety alignment. These results indicate that current VLM safety mechanisms do not generalize effectively across diverse languages and modalities.

Key takeaway

For AI Security Engineers evaluating VLM robustness, you should recognize that current safety mechanisms are vulnerable to multilingual visual jailbreaks. Your VLM deployments, particularly those supporting Latin script languages, are susceptible to attacks using visually encoded harmful content. Prioritize comprehensive testing with benchmarks like MLingualFC, incorporating diverse languages and visual modalities. Focus on strengthening visual text recognition and cross-lingual safety alignment to mitigate these significant safety gaps in your models.

Key insights

VLM safety mechanisms fail to generalize across languages and modalities, especially with visual jailbreaks.

Principles

Method

MLingualFC encodes harmful instructions into flowchart images across five languages to evaluate VLM jailbreak vulnerabilities.

In practice

Topics

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, AI Security Engineer, Machine Learning Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Paper Index on ACL Anthology.