When the Prompt Becomes Visual: Vision-Centric Jailbreak Attacks for Large Image Editing Models

10d ago · Global · primary source: export.arxiv.org

Researchers have demonstrated a new class of attack against large image editing models that uses only visual inputs to bypass safety filters, and they have proposed a training-free defense to counter it, according to a paper posted on arXiv [1]. The study, led by Jiacheng Hou, targets a recent shift in how users interact with image editing models. Instead of typing text instructions, users now often guide edits with visual prompts such as marks, arrows, and visual-text cues [2]. The authors argue this shift makes the attack surface itself visual, a risk they say has been underexplored [2]. They introduce the Vision-Centric Jailbreak Attack (VJA), which they describe as the first visual-to-visual jailbreak method that conveys malicious instructions purely through images [2]. To test the attack, the team built IESBench, a safety-oriented benchmark for image editing models [2]. In experiments, VJA achieved an attack success rate of up to 80.9% on Nano Banana Pro and 70.1% on GPT-Image-1.5 [2]. The paper was first submitted on 10 February 2026 and revised on 26 June 2026 [1]. The authors warn the paper contains offensive images generated by the models during testing [2]. The work arrives as the broader AI industry grapples with safety challenges in generative systems. Text-to-image models such as Stable Diffusion, released in 2022, marked a departure from proprietary cloud-only tools by making code and model weights publicly available and runnable on consumer hardware [9]. The new attack class extends safety concerns beyond text prompts to the visual domain. To mitigate the vulnerability, the researchers propose a defense based on introspective multimodal reasoning. The method requires no additional training, uses no auxiliary guard models, and adds negligible computational overhead, yet it raises the safety of poorly aligned models to a level comparable with commercial systems, the paper states [2]. The defense does not rely on external filtering infrastructure, which the authors frame as a practical path toward safer image editing tools [2]. The paper is available on arXiv, a repository that hosts over 2.3 million scholarly articles and has integrated with platforms like Hugging Face Spaces to allow readers to run interactive demos of published research directly from a paper’s abstract page [4][5][6].

research-paperbenchmark

Background sources we checked (8)
  • arxiv.org ↗ Recent advances in large image editing models have shifted the paradigm from text-driven instructions to vision-prompt editing, where user intent is inferred directly from visual inputs such as marks, arrows, and visual-text prompts. While this paradigm greatly expands usability,…
  • arxiv.org ↗ We review thirteen generative systems and five supporting datasets for quantum circuit and quantum code generation, identified through a structured scoping review of Hugging Face, arXiv, and provenance tracing (January-February 2026). We organize the field along two axes: artifac…
  • huggingface.co ↗ Hugging Face Machine Learning Demos on arXiv ... # Hugging Face Machine Learning Demos on arXiv ... November 1 ... We’re very excited to announce that Hugging Face has collaborated with arXiv to make papers more accessible, discoverable, and fun! Starting today, Hugging Face Spac…
  • huggingface.co ↗ # How to Add a Space to ArXiv ... Demos on Hugging Face Spaces allow a wide audience to try out state-of-the-art machine learning research without writing any code. Hugging Face and ArXiv have collaborated to embed these demos directly along side papers on ArXiv! ... Thanks to th…
  • huggingface.co ↗ CCRss/arXiv_dataset · Datasets at Hugging Face # ArXiv Dataset ## Overview This dataset is a comprehensive collection of metadata from the ArXiv repository, a widely-recognized open-access archive offering access to scholarly articles in various fields of science. It covers a …
  • en.wikipedia.org ↗ Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd., doing business as DeepSeek, is a Chinese artificial intelligence (AI) company that develops large language models (LLMs). Based in Hangzhou, Zhejiang, DeepSeek is owned and funded by High-Flyer, a Chin…
  • en.wikipedia.org ↗ A large language model (LLM) is a type of machine learning model designed for natural language processing tasks such as language generation. LLMs are language models with many parameters, and are trained with self-supervised learning on a vast amount of text.…
  • en.wikipedia.org ↗ Stable Diffusion is a deep learning, text-to-image model released in 2022 based on diffusion techniques. The generative artificial intelligence technology is the premier product of Stability AI and is considered to be a part of the ongoing AI boom. It is primarily used to generat…

Sources

Spot something wrong? Report an issue