Morningstar
DeepKeep Reveals InkJect Vulnerability in Visual Language Models
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
DeepKeep has identified a new visual prompt injection vulnerability named 'InkJect' that affects leading visual language models (VLMs) such as OpenAI's GPT-5.2 and Anthropic's Claude Sonnet 4.6. This vulnerability allows attackers to embed hidden instructions within images, which VLMs process without detection, leading to unauthorized actions. The attack exploits a gap in existing security measures that primarily focus on text-based prompt injections. With 40% of generative AI solutions expected to be multimodal by 2027, the implications of this vulnerability are significant as enterprises increasingly integrate VLMs into their workflows. The research highlights that current guardrails do not extend to visual inputs, creating a critical blind spot. Despite its risks, the InkJect vulnerability has received minimal academic attention, with only one academic paper addressing it so far. DeepKeep's findings suggest that this attack vector could lead to severe security breaches if not addressed promptly.
Key Points: • InkJect vulnerability allows hidden instructions in images to manipulate VLMs. • Affected models include OpenAI's GPT-5.2 and Anthropic's Claude Sonnet 4.6. • Current security measures fail to detect visual prompt injections, creating a major risk.