Search papers, labs, and topics across Lattice.
This paper introduces HyPE and HyPS, a novel framework for detecting and sanitizing harmful prompts in Vision-Language Models (VLMs) by leveraging hyperbolic geometry to model benign prompt embeddings and identify outliers. HyPE uses hyperbolic space to efficiently detect harmful prompts as anomalies, while HyPS applies attribution methods to selectively modify harmful words. Experiments demonstrate that HyPE and HyPS outperform existing defenses in detection accuracy and robustness across various datasets and adversarial scenarios.
Modeling prompt embeddings in hyperbolic space enables lightweight, geometry-aware detection of harmful VLM prompts that outperforms existing defenses.
Vision-Language Models (VLMs) have become essential for tasks such as image synthesis, captioning, and retrieval by aligning textual and visual information in a shared embedding space. Yet, this flexibility also makes them vulnerable to malicious prompts designed to produce unsafe content, raising critical safety concerns. Existing defenses either rely on blacklist filters, which are easily circumvented, or on heavy classifier-based systems, both of which are costly and fragile under embedding-level attacks. We address these challenges with two complementary components: Hyperbolic Prompt Espial (HyPE) and Hyperbolic Prompt Sanitization (HyPS). HyPE is a lightweight anomaly detector that leverages the structured geometry of hyperbolic space to model benign prompts and detect harmful ones as outliers. HyPS builds on this detection by applying explainable attribution methods to identify and selectively modify harmful words, neutralizing unsafe intent while preserving the original semantics of user prompts. Through extensive experiments across multiple datasets and adversarial scenarios, we prove that our framework consistently outperforms prior defenses in both detection accuracy and robustness. Together, HyPE and HyPS offer an efficient, interpretable, and resilient approach to safeguarding VLMs against malicious prompt misuse.