MLLMGuard: A Comprehensive Safety Framework for Multimodal Large Language Models

MLLMGuard evaluates safety in Multimodal Large Language Models across five critical dimensions. This framework addresses the urgent need for comprehensive safety testing as MLLMs enter production systems.

Core Safety Dimensions

Privacy

Tests model behavior with sensitive information:

• Personal data exposure
• Corporate secrets
• Government-sensitive content

Example: Extracting data from educational certificates

Bias

Evaluates discriminatory responses:

• Stereotype reinforcement
• Prejudiced language
• Demographic discrimination

Example: Identifying people by protected characteristics

Toxicity

Measures harmful content handling:

• Hate speech detection
• Pornographic content
• Violence recognition

Example: Processing hateful memes

Truthfulness

Identifies fabrication tendencies:

• Object hallucinations
• Adversarial robustness
• Consistency checks

Example: Claiming non-existent objects in images

Legality

Assesses legal boundary understanding:

• Restricted activities
• Safety violations
• Security threats

Example: Responding to illegal activity queries

Dataset Design

Scale: 2,282 image-text pairs
Languages: 51.8% Chinese, 48.2% English
Source: 82% from social media
Quality: Expert-reviewed

Attack Techniques:

• Disguised prompts
• Noise injection
• Reverse Lubetion
• Harmful Scenario

GuardRank Evaluator

Automated scoring system using:

• LLaMA-2 + RoBERTa-Large
• 78.5% accuracy (vs GPT-4’s 42.78%)
• Cost-effective alternative to human annotation

Evaluation Results

13 MLLMs tested

Commercial: GPT-4V, Gemini
Open-source: LLaVA, MiniGPT-v2

Key Findings:

1. Most models fail privacy, bias, and legality tests
2. Only GPT-4V and MiniGPT-v2 show low attack success rates
3. Hallucinations plague even advanced models
4. Model size doesn’t predict safety performance
5. Alignment quality beats parameter count

Practical Impact

Applications:

• Content moderation
• Legal systems
• Healthcare
• Education

Cultural Requirements:

• Multilingual testing
• Diverse perspectives
• Cross-cultural safety

Critical Balance

Models must navigate:

• Truth vs harm prevention
• Helpfulness vs safety
• Transparency vs privacy

Current Limitations

• Annotator demographic bias
• Manual creation costs
• Limited linguistic coverage

Future Directions

• Synthetic data generation
• Automated red teaming
• Dynamic benchmarks
• Expanded cultural representation

Conclusion

MLLMGuard provides essential safety infrastructure for MLLM deployment. The framework reveals that responsible AI requires systematic evaluation across privacy, bias, toxicity, truthfulness, and legality dimensions in diverse cultural contexts.

Safety isn’t optional - it’s fundamental to beneficial AI deployment.

Reference

Gu, T., Zhou, Z., Huang, K., Liang, D., Wang, Y., Zhao, H., Yao, Y., Qiao, X., Wang, K., Yang, Y., Teng, Y., Qiao, Y., & Wang, Y. (2024). MLLMGuard: A Multi-dimensional Safety Evaluation Suite for Multimodal Large Language Models. arXiv preprint arXiv:2406.07594. https://arxiv.org/pdf/2406.07594