Medical MLLM Is Vulnerable: Cross-Modality Jailbreak and Mismatched Attacks on Medical Multimodal Large Language Models

Authors

  • Xijie Huang Beihang University
  • Xinyuan Wang Beihang University
  • Hantao Zhang University of Science and Technology of China
  • Yinghao Zhu Beihang University
  • Jiawen Xi Beihang University
  • Jingkun An Beihang University
  • Hao Wang Beihang University
  • Hao Liang Beihang University
  • Chengwei Pan Beihang University Zhongguancun Laboratory

DOI:

https://doi.org/10.1609/aaai.v39i4.32396

Abstract

Security concerns related to Large Language Models (LLMs) have been extensively explored; however, the safety implications for Multimodal Large Language Models (MLLMs), particularly in medical contexts (MedMLLMs), remain inadequately addressed. This paper investigates the security vulnerabilities of MedMLLMs, focusing on their deployment in clinical environments where the accuracy and relevance of question-and-answer interactions are crucial for addressing complex medical challenges. We introduce and redefine two attack types: mismatched malicious attack (2M-attack) and optimized mismatched malicious attack (O2M-attack), by integrating existing clinical data with atypical natural phenomena. Using the comprehensive 3MAD dataset that we developed, which spans a diverse range of medical imaging modalities and adverse medical scenarios, we performed an in-depth analysis and proposed the MCM optimization method. This approach significantly improves the attack success rate against MedMLLMs. Our evaluations, which include white-box attacks on LLaVA-Med and transfer (black-box) attacks on four other SOTA models, reveal that even MedMLLMs designed with advanced security mechanisms remain vulnerable to breaches. This study highlights the critical need for robust security measures to enhance the safety and reliability of open-source MedMLLMs, especially in light of the potential impact of jailbreak attacks and other malicious exploits in clinical applications. Warning: Medical jailbreaking may generate content that includes unverified diagnoses and treatment recommendations. Always consult professional medical advice.
AAAI-25 / IAAI-25 / EAAI-25 Proceedings Cover

Downloads

Published

2025-04-11

How to Cite

Huang, X., Wang, X., Zhang, H., Zhu, Y., Xi, J., An, J., … Pan, C. (2025). Medical MLLM Is Vulnerable: Cross-Modality Jailbreak and Mismatched Attacks on Medical Multimodal Large Language Models. Proceedings of the AAAI Conference on Artificial Intelligence, 39(4), 3797–3805. https://doi.org/10.1609/aaai.v39i4.32396

Issue

Vol. 39 No. 4: AAAI-25 Technical Tracks 4

Section

AAAI Technical Track on Computer Vision III