智能的副作用:多模态大模型多图推理的安全风险
The Side Effects of Being Smart: Safety Risks in MLLMs' Multi-Image Reasoning
January 20, 2026
作者: Renmiao Chen, Yida Lu, Shiyao Cui, Xuan Ouyang, Victor Shea-Jay Huang, Shumin Zhang, Chengwei Pan, Han Qiu, Minlie Huang
cs.AI
摘要
随着多模态大语言模型(MLLMs)在处理复杂多图像指令方面的推理能力不断增强,这一进步可能带来新的安全风险。我们通过构建首个专注于多图像推理安全性的基准测试MIR-SafetyBench来研究该问题,该基准包含涵盖9类多图像关系的2,676个测试实例。针对19个MLLMs的大规模评估揭示了一个令人担忧的趋势:具备更先进多图像推理能力的模型在MIR-SafetyBench上反而表现出更高脆弱性。除攻击成功率外,我们发现许多被标记为安全的回复流于表面,往往源于模型误解或回避性的模糊应答。进一步观察表明,不安全生成内容相较于安全回复平均具有更低的注意力熵值。这一内部特征暗示了模型可能过度聚焦任务解决而忽视安全约束的潜在风险。相关代码与数据已发布于https://github.com/thu-coai/MIR-SafetyBench。
English
As Multimodal Large Language Models (MLLMs) acquire stronger reasoning capabilities to handle complex, multi-image instructions, this advancement may pose new safety risks. We study this problem by introducing MIR-SafetyBench, the first benchmark focused on multi-image reasoning safety, which consists of 2,676 instances across a taxonomy of 9 multi-image relations. Our extensive evaluations on 19 MLLMs reveal a troubling trend: models with more advanced multi-image reasoning can be more vulnerable on MIR-SafetyBench. Beyond attack success rates, we find that many responses labeled as safe are superficial, often driven by misunderstanding or evasive, non-committal replies. We further observe that unsafe generations exhibit lower attention entropy than safe ones on average. This internal signature suggests a possible risk that models may over-focus on task solving while neglecting safety constraints. Our code and data are available at https://github.com/thu-coai/MIR-SafetyBench.