CalvinBackup/OmniSafeBench-MM
1
0
Fork 0
mirror of https://github.com/jiaxiaojunQAQ/OmniSafeBench-MM.git synced 2026-02-12 17:52:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags
543e8feb251ec5743438dbe5391d93b73d652c5a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
jiaxiaojunQAQ 543e8feb25 Update
2025-12-03 01:18:13 +08:00
.idea
add readme
2025-11-03 02:28:54 +08:00
assets
Update
2025-12-03 01:11:17 +08:00
README.md
Update
2025-12-03 01:18:13 +08:00

README.md

OmniSafeBench-MM

🗡️ OmniSafeBench-MM: A Unified Benchmark and Toolbox for Multimodal Jailbreak AttackDefense Evaluation 🛡️

📰 News 📰

🗡️ What is OmniSafeBench-MM 🛡️

OmniSafeBench-MM is a unified benchmark and open-source toolbox for evaluating multimodal jailbreak attacks and defenses in Large VisionLanguage Models (MLLMs). It integrates a large-scale dataset spanning 89 major risk domains and 50 fine-grained categories, supports three real-world prompt types (consultative, imperative, declarative), and implements 13 representative attack methods and 15 defense strategies in a modular pipeline. Beyond traditional ASR, it introduces a three-dimensional evaluation protocol measuring harmfulness, intent alignment, and response detail, enabling fine-grained safetyutility analysis. Tested across 18 open-source and closed-source MLLMs, OmniSafeBench-MM provides a comprehensive, reproducible, and extensible platform for benchmarking multimodal safety.

🌐 Overview 🌐

HarmBench Evaluation Pipeline

Overview of OmniSafeBench-MM. The benchmark unifies multi-modal jailbreak attackdefense evaluation, 13 attack and 15 defense methods, and a three-dimensional scoring protocol measuring harmfulness, alignment, and detail.

🗡️ Integrated Attack Methods

Name Title Paper Code Classification
FigStep / FigStep-Pro FigStep: Jailbreaking Large Vision-Language Models via Typographic Visual Prompts link link Black-box — Structured visual carriers
QR-Attack (MM-SafetyBench) MM-SafetyBench: A Benchmark for Safety Evaluation of Multimodal Large Language Models link link Black-box — Structured visual carriers
MML Jailbreak Large Vision-Language Models Through Multi-Modal Linkage link link Black-box — Structured visual carriers
CS-DJ Distraction is All You Need for Multimodal Large Language Model Jailbreaking link link Black-box — OOD (attention / distribution manipulation)
SI-Attack Jailbreaking Multimodal Large Language Models via Shuffle Inconsistency link link Black-box — OOD (shuffle / attention inconsistency)
JOOD Playing the Fool: Jailbreaking LLMs and Multimodal LLMs with Out-of-Distribution Strategy link link Black-box — OOD (OOD strategy)
HIMRD Heuristic-Induced Multimodal Risk Distribution (HIMRD) Jailbreak Attack link link Black-box — OOD / risk distribution
HADES Images are Achilles Heel of Alignment: Exploiting Visual Vulnerabilities for Jailbreaking Multimodal Large Language Models link link Black-box — Structured visual carriers
BAP Jailbreak Vision Language Models via Bi-Modal Adversarial Prompt (BAP) link link White-box — Cross-modal
visual_adv Visual Adversarial Examples Jailbreak Aligned Large Language Models link link White-box — Single-modal
VisCRA VisCRA: A Visual Chain Reasoning Attack for Jailbreaking Multimodal Large Language Models link link Black-box — Structured visual carriers
UMK White-box Multimodal Jailbreaks Against Large Vision-Language Models (Universal Master Key, UMK) link link White-box — Cross-modal
PBI-Attack Prior-Guided Bimodal Interactive Black-Box Jailbreak Attack for Toxicity Maximization (PBI-Attack) link link Black-box — Query optimization & transfer
ImgJP / DeltaJP Jailbreaking Attack against Multimodal Large Language Model (imgJP / deltaJP) link link White-box — Single-modal
JPS JPS: Jailbreak Multimodal Large Language Models with Collaborative Visual Perturbation and Textual Steering link link White-box — Cross-modal

🛡️Integrated Defense Methods

Name Title Venue Paper Code
JailGuard JailGuard: A Universal Detection Framework for Prompt-based Attacks on LLM Systems TOSEM2025 link link
MLLM-Protector MLLM-Protector: Ensuring MLLM's Safety without Hurting Performance EMNLP 2024 link link
ECSO Eyes Closed, Safety On: Protecting Multimodal LLMs via Image-to-Text Transformation ECCV 2024 link link
ShieldLM ShieldLM: Empowering LLMs as Aligned, Customizable and Explainable Safety Detectors EMNLP 2024 link link
AdaShield AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting ECCV 2024 link link
Uniguard UNIGUARD: Towards Universal Safety Guardrails for Jailbreak Attacks on Multimodal Large Language Models ECCV 2024 link link
DPS Defending LVLMs Against Vision Attacks Through Partial-Perception Supervision ICML 2025 link link
CIDER Cross-modality Information Check for Detecting Jailbreaking in Multimodal Large Language Models EMNLP 2024 link link
GuardReasoner-VL GuardReasoner-VL: Safeguarding VLMs via Reinforced Reasoning ICML 2025 link link
Llama-Guard-4 Llama Guard 4 Model Card link link
QGuard QGuard: Question-based Zero-shot Guard for Multi-modal LLM Safety arXiv link link
LlavaGuard LlavaGuard: An Open VLM-based Framework for Safeguarding Vision Datasets and Models ICML 2025 link link
Llama-Guard-3 Llama Guard 3 Model Card link link
HiddenDetect HiddenDetect: Detecting Jailbreak Attacks against Multimodal Large Language Models via Monitoring Hidden States ACL 2025 link link
CoCA CoCA: Regaining Safety-awareness of Multimodal Large Language Models with Constitutional Calibration COLM 2024 link Null
VLGuard Safety Fine-Tuning at (Almost) No Cost: A Baseline for Vision Large Language Models ICML 2024 link link

More methods are coming soon!!

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 22 MiB
Languages
Python 100%