guest ::
| Home > Publications database > Prompt injection attacks on vision language models in oncology. > print |
| Home > Publications database > Prompt injection attacks on vision language models in oncology. > print |
| 001 | 298420 | ||
| 005 | 20250209015241.0 | ||
| 024 | 7 | _ | |a 10.1038/s41467-024-55631-x |2 doi |
| 024 | 7 | _ | |a pmid:39890777 |2 pmid |
| 024 | 7 | _ | |a pmc:PMC11785991 |2 pmc |
| 024 | 7 | _ | |a altmetric:173693774 |2 altmetric |
| 037 | _ | _ | |a DKFZ-2025-00276 |
| 041 | _ | _ | |a English |
| 082 | _ | _ | |a 500 |
| 100 | 1 | _ | |a Clusmann, Jan |b 0 |
| 245 | _ | _ | |a Prompt injection attacks on vision language models in oncology. |
| 260 | _ | _ | |a [London] |c 2025 |b Springer Nature |
| 336 | 7 | _ | |a article |2 DRIVER |
| 336 | 7 | _ | |a Output Types/Journal article |2 DataCite |
| 336 | 7 | _ | |a Journal Article |b journal |m journal |0 PUB:(DE-HGF)16 |s 1738592266_6792 |2 PUB:(DE-HGF) |
| 336 | 7 | _ | |a ARTICLE |2 BibTeX |
| 336 | 7 | _ | |a JOURNAL_ARTICLE |2 ORCID |
| 336 | 7 | _ | |a Journal Article |0 0 |2 EndNote |
| 520 | _ | _ | |a Vision-language artificial intelligence models (VLMs) possess medical knowledge and can be employed in healthcare in numerous ways, including as image interpreters, virtual scribes, and general decision support systems. However, here, we demonstrate that current VLMs applied to medical tasks exhibit a fundamental security flaw: they can be compromised by prompt injection attacks. These can be used to output harmful information just by interacting with the VLM, without any access to its parameters. We perform a quantitative study to evaluate the vulnerabilities to these attacks in four state of the art VLMs: Claude-3 Opus, Claude-3.5 Sonnet, Reka Core, and GPT-4o. Using a set of N = 594 attacks, we show that all of these models are susceptible. Specifically, we show that embedding sub-visual prompts in manifold medical imaging data can cause the model to provide harmful output, and that these prompts are non-obvious to human observers. Thus, our study demonstrates a key vulnerability in medical VLMs which should be mitigated before widespread clinical adoption. |
| 536 | _ | _ | |a 313 - Krebsrisikofaktoren und Prävention (POF4-313) |0 G:(DE-HGF)POF4-313 |c POF4-313 |f POF IV |x 0 |
| 588 | _ | _ | |a Dataset connected to CrossRef, PubMed, , Journals: inrepo02.dkfz.de |
| 650 | _ | 2 | |a Humans |2 MeSH |
| 650 | _ | 2 | |a Artificial Intelligence |2 MeSH |
| 650 | _ | 2 | |a Medical Oncology: methods |2 MeSH |
| 650 | _ | 2 | |a Algorithms |2 MeSH |
| 700 | 1 | _ | |a Ferber, Dyke |b 1 |
| 700 | 1 | _ | |a Wiest, Isabella C |b 2 |
| 700 | 1 | _ | |a Schneider, Carolin V |b 3 |
| 700 | 1 | _ | |a Brinker, Titus J |0 P:(DE-He78)1e33961c8780aca9b76d776d1fdc1ebb |b 4 |u dkfz |
| 700 | 1 | _ | |a Foersch, Sebastian |b 5 |
| 700 | 1 | _ | |a Truhn, Daniel |0 0000-0002-9605-0728 |b 6 |
| 700 | 1 | _ | |a Kather, Jakob Nikolas |b 7 |
| 773 | _ | _ | |a 10.1038/s41467-024-55631-x |g Vol. 16, no. 1, p. 1239 |0 PERI:(DE-600)2553671-0 |n 1 |p 1239 |t Nature Communications |v 16 |y 2025 |x 2041-1723 |
| 909 | C | O | |o oai:inrepo02.dkfz.de:298420 |p VDB |
| 910 | 1 | _ | |a Deutsches Krebsforschungszentrum |0 I:(DE-588b)2036810-0 |k DKFZ |b 4 |6 P:(DE-He78)1e33961c8780aca9b76d776d1fdc1ebb |
| 913 | 1 | _ | |a DE-HGF |b Gesundheit |l Krebsforschung |1 G:(DE-HGF)POF4-310 |0 G:(DE-HGF)POF4-313 |3 G:(DE-HGF)POF4 |2 G:(DE-HGF)POF4-300 |4 G:(DE-HGF)POF |v Krebsrisikofaktoren und Prävention |x 0 |
| 914 | 1 | _ | |y 2025 |
| 915 | _ | _ | |a JCR |0 StatID:(DE-HGF)0100 |2 StatID |b NAT COMMUN : 2022 |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0200 |2 StatID |b SCOPUS |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0300 |2 StatID |b Medline |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0501 |2 StatID |b DOAJ Seal |d 2024-01-30T07:48:07Z |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0500 |2 StatID |b DOAJ |d 2024-01-30T07:48:07Z |
| 915 | _ | _ | |a Peer Review |0 StatID:(DE-HGF)0030 |2 StatID |b DOAJ : Peer review |d 2024-01-30T07:48:07Z |
| 915 | _ | _ | |a Creative Commons Attribution CC BY (No Version) |0 LIC:(DE-HGF)CCBYNV |2 V:(DE-HGF) |b DOAJ |d 2024-01-30T07:48:07Z |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0199 |2 StatID |b Clarivate Analytics Master Journal List |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1040 |2 StatID |b Zoological Record |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1060 |2 StatID |b Current Contents - Agriculture, Biology and Environmental Sciences |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1150 |2 StatID |b Current Contents - Physical, Chemical and Earth Sciences |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1050 |2 StatID |b BIOSIS Previews |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0160 |2 StatID |b Essential Science Indicators |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1030 |2 StatID |b Current Contents - Life Sciences |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)1190 |2 StatID |b Biological Abstracts |d 2025-01-02 |
| 915 | _ | _ | |a WoS |0 StatID:(DE-HGF)0113 |2 StatID |b Science Citation Index Expanded |d 2025-01-02 |
| 915 | _ | _ | |a DBCoverage |0 StatID:(DE-HGF)0150 |2 StatID |b Web of Science Core Collection |d 2025-01-02 |
| 915 | _ | _ | |a IF >= 15 |0 StatID:(DE-HGF)9915 |2 StatID |b NAT COMMUN : 2022 |d 2025-01-02 |
| 915 | _ | _ | |a Article Processing Charges |0 StatID:(DE-HGF)0561 |2 StatID |d 2025-01-02 |
| 915 | _ | _ | |a Fees |0 StatID:(DE-HGF)0700 |2 StatID |d 2025-01-02 |
| 920 | 1 | _ | |0 I:(DE-He78)C140-20160331 |k C140 |l Digitale Prävention, Diagnostik und Therapiesteuerung |x 0 |
| 980 | _ | _ | |a journal |
| 980 | _ | _ | |a VDB |
| 980 | _ | _ | |a I:(DE-He78)C140-20160331 |
| 980 | _ | _ | |a UNRESTRICTED |
| Library | Collection | CLSMajor | CLSMinor | Language | Author |
|---|