000298420 001__ 298420
000298420 005__ 20250209015241.0
000298420 0247_ $$2doi$$a10.1038/s41467-024-55631-x
000298420 0247_ $$2pmid$$apmid:39890777
000298420 0247_ $$2pmc$$apmc:PMC11785991
000298420 0247_ $$2altmetric$$aaltmetric:173693774
000298420 037__ $$aDKFZ-2025-00276
000298420 041__ $$aEnglish
000298420 082__ $$a500
000298420 1001_ $$aClusmann, Jan$$b0
000298420 245__ $$aPrompt injection attacks on vision language models in oncology.
000298420 260__ $$a[London]$$bSpringer Nature$$c2025
000298420 3367_ $$2DRIVER$$aarticle
000298420 3367_ $$2DataCite$$aOutput Types/Journal article
000298420 3367_ $$0PUB:(DE-HGF)16$$2PUB:(DE-HGF)$$aJournal Article$$bjournal$$mjournal$$s1738592266_6792
000298420 3367_ $$2BibTeX$$aARTICLE
000298420 3367_ $$2ORCID$$aJOURNAL_ARTICLE
000298420 3367_ $$00$$2EndNote$$aJournal Article
000298420 520__ $$aVision-language artificial intelligence models (VLMs) possess medical knowledge and can be employed in healthcare in numerous ways, including as image interpreters, virtual scribes, and general decision support systems. However, here, we demonstrate that current VLMs applied to medical tasks exhibit a fundamental security flaw: they can be compromised by prompt injection attacks. These can be used to output harmful information just by interacting with the VLM, without any access to its parameters. We perform a quantitative study to evaluate the vulnerabilities to these attacks in four state of the art VLMs: Claude-3 Opus, Claude-3.5 Sonnet, Reka Core, and GPT-4o. Using a set of N = 594 attacks, we show that all of these models are susceptible. Specifically, we show that embedding sub-visual prompts in manifold medical imaging data can cause the model to provide harmful output, and that these prompts are non-obvious to human observers. Thus, our study demonstrates a key vulnerability in medical VLMs which should be mitigated before widespread clinical adoption.
000298420 536__ $$0G:(DE-HGF)POF4-313$$a313 - Krebsrisikofaktoren und Prävention (POF4-313)$$cPOF4-313$$fPOF IV$$x0
000298420 588__ $$aDataset connected to CrossRef, PubMed, , Journals: inrepo02.dkfz.de
000298420 650_2 $$2MeSH$$aHumans
000298420 650_2 $$2MeSH$$aArtificial Intelligence
000298420 650_2 $$2MeSH$$aMedical Oncology: methods
000298420 650_2 $$2MeSH$$aAlgorithms
000298420 7001_ $$aFerber, Dyke$$b1
000298420 7001_ $$aWiest, Isabella C$$b2
000298420 7001_ $$aSchneider, Carolin V$$b3
000298420 7001_ $$0P:(DE-He78)1e33961c8780aca9b76d776d1fdc1ebb$$aBrinker, Titus J$$b4$$udkfz
000298420 7001_ $$aFoersch, Sebastian$$b5
000298420 7001_ $$00000-0002-9605-0728$$aTruhn, Daniel$$b6
000298420 7001_ $$aKather, Jakob Nikolas$$b7
000298420 773__ $$0PERI:(DE-600)2553671-0$$a10.1038/s41467-024-55631-x$$gVol. 16, no. 1, p. 1239$$n1$$p1239$$tNature Communications$$v16$$x2041-1723$$y2025
000298420 909CO $$ooai:inrepo02.dkfz.de:298420$$pVDB
000298420 9101_ $$0I:(DE-588b)2036810-0$$6P:(DE-He78)1e33961c8780aca9b76d776d1fdc1ebb$$aDeutsches Krebsforschungszentrum$$b4$$kDKFZ
000298420 9131_ $$0G:(DE-HGF)POF4-313$$1G:(DE-HGF)POF4-310$$2G:(DE-HGF)POF4-300$$3G:(DE-HGF)POF4$$4G:(DE-HGF)POF$$aDE-HGF$$bGesundheit$$lKrebsforschung$$vKrebsrisikofaktoren und Prävention$$x0
000298420 9141_ $$y2025
000298420 915__ $$0StatID:(DE-HGF)0100$$2StatID$$aJCR$$bNAT COMMUN : 2022$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0200$$2StatID$$aDBCoverage$$bSCOPUS$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0300$$2StatID$$aDBCoverage$$bMedline$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0501$$2StatID$$aDBCoverage$$bDOAJ Seal$$d2024-01-30T07:48:07Z
000298420 915__ $$0StatID:(DE-HGF)0500$$2StatID$$aDBCoverage$$bDOAJ$$d2024-01-30T07:48:07Z
000298420 915__ $$0StatID:(DE-HGF)0030$$2StatID$$aPeer Review$$bDOAJ : Peer review$$d2024-01-30T07:48:07Z
000298420 915__ $$0LIC:(DE-HGF)CCBYNV$$2V:(DE-HGF)$$aCreative Commons Attribution CC BY (No Version)$$bDOAJ$$d2024-01-30T07:48:07Z
000298420 915__ $$0StatID:(DE-HGF)0199$$2StatID$$aDBCoverage$$bClarivate Analytics Master Journal List$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1040$$2StatID$$aDBCoverage$$bZoological Record$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1060$$2StatID$$aDBCoverage$$bCurrent Contents - Agriculture, Biology and Environmental Sciences$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1150$$2StatID$$aDBCoverage$$bCurrent Contents - Physical, Chemical and Earth Sciences$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1050$$2StatID$$aDBCoverage$$bBIOSIS Previews$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0160$$2StatID$$aDBCoverage$$bEssential Science Indicators$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1030$$2StatID$$aDBCoverage$$bCurrent Contents - Life Sciences$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)1190$$2StatID$$aDBCoverage$$bBiological Abstracts$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0113$$2StatID$$aWoS$$bScience Citation Index Expanded$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0150$$2StatID$$aDBCoverage$$bWeb of Science Core Collection$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)9915$$2StatID$$aIF >= 15$$bNAT COMMUN : 2022$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0561$$2StatID$$aArticle Processing Charges$$d2025-01-02
000298420 915__ $$0StatID:(DE-HGF)0700$$2StatID$$aFees$$d2025-01-02
000298420 9201_ $$0I:(DE-He78)C140-20160331$$kC140$$lDigitale Prävention, Diagnostik und Therapiesteuerung$$x0
000298420 980__ $$ajournal
000298420 980__ $$aVDB
000298420 980__ $$aI:(DE-He78)C140-20160331
000298420 980__ $$aUNRESTRICTED