Speaker

Tingwei Zhang (Cornell Tech)

A photo of Tingwei Zhang.

Abstract

Multi-modal embeddings align representations across different modalities (e.g., text, images, and audio) and serve as a core component of modern machine learning systems. However, their cross-modal nature also introduces new attack surfaces and security challenges. In this talk, I will present three works that expose vulnerabilities in multi-modal embeddings and propose potential defenses.

Adversarial Illusions: We show that embeddings can be attacked by perturbing an input to make its representation match a chosen target from another modality. These attacks are cross-modal, targeted, and compromise any downstream tasks.

Adversarial Hubs: We show that high-dimensional multi-modal spaces suffer from hubness—where certain points become spuriously similar to many others—and that attackers can exploit this property to inject adversarial “hub” content that dominates retrieval results or targets specific concepts.
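As an added illustration of the hubness effect described above (example code written for this page, not from the talk or the papers it summarizes): a constructed toy embedding space in which one point sits on the data's shared direction, the k-occurrence count N_k of every point (how many other points list it among their k nearest neighbours), and a simple check that flags points appearing in far more neighbour lists than k would predict. The dimensionality, point count, k, seed and z-score threshold are all assumptions.

```python
import math
import random
from statistics import mean, pstdev

# Constructed toy embedding space (assumed sizes): 199 unit vectors that share a
# weak common direction, plus one vector lying exactly on that direction. In high
# dimensions the point nearest the data centroid lands in far more k-nearest-
# neighbour lists than k would predict; that is the hubness effect.
DIM = 64
N_POINTS = 200
K = 5
SHARED_WEIGHT = 0.3
HUB_INDEX = 0  # position of the centroid-like point in the list

def _normalize(vec):
    norm = math.sqrt(sum(v * v for v in vec))
    return [v / norm for v in vec]

def make_embeddings(seed=7):
    """Return N_POINTS unit vectors; the one at HUB_INDEX is the planted hub."""
    rng = random.Random(seed)
    centre = _normalize([rng.gauss(0.0, 1.0) for _ in range(DIM)])
    points = [centre]
    for _ in range(N_POINTS - 1):
        noise = [rng.gauss(0.0, 1.0 / math.sqrt(DIM)) for _ in range(DIM)]
        points.append(_normalize([SHARED_WEIGHT * c + g for c, g in zip(centre, noise)]))
    return points

def k_occurrence(points, k=K):
    """N_k(x): number of other points whose k most cosine-similar points include x."""
    counts = [0] * len(points)
    for i, p in enumerate(points):
        sims = [(sum(a * b for a, b in zip(p, q)), j) for j, q in enumerate(points) if j != i]
        sims.sort(reverse=True)
        for _, j in sims[:k]:
            counts[j] += 1
    return counts

def find_hubs(points, k=K, z_threshold=3.0):
    """Indices whose N_k lies more than z_threshold standard deviations above the mean."""
    counts = k_occurrence(points, k)
    mu, sigma = mean(counts), pstdev(counts)
    return [i for i, c in enumerate(counts) if sigma > 0 and (c - mu) / sigma > z_threshold]

if __name__ == "__main__":
    emb = make_embeddings()
    print("N_k of planted hub:", k_occurrence(emb)[HUB_INDEX], "vs k =", K)
    print("flagged indices:", find_hubs(emb))
```

Because every point casts exactly k votes, the mean of N_k is always k; a retrieval index whose N_k distribution is heavily right-skewed is the condition under which a single injected item can dominate results.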

Indirect Prompt Injection: We present indirect, cross-modal prompt injection attacks where hidden “meta-instructions” embedded in images influence the behavior of visual language models. These attacks enable adversaries to manipulate model interpretation and generation, leading to biased or harmful outputs.

Speaker Bio

Tingwei Zhang is a third-year PhD student in Computer Science at Cornell Tech, advised by Professor Vitaly Shmatikov. His research focuses on security and privacy challenges in machine learning technologies, particularly in real-world scenarios and under adversarial conditions, with the goal of developing secure, ethical, and privacy-preserving AI systems.

Host

UMass AI Security