• Prompt Injection Via Road Signs

Interesting research: “CHAI: Command Hijacking Against Embodied AI.”

Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based attacks that exploit the multimodal language interpretation abilities of Large Visual-Language Models (LVLMs). CHAI embeds deceptive natural language instructions, such as misleading signs, in visual input, systematically searches the token space, builds a dictionary of prompts, and guides an attacker model to generate Visual Attack Prompts. We evaluate CHAI on four LVLM agents: drone emergency landing, autonomous driving, and aerial object tracking, and on a real robotic vehicle. Our experiments show that CHAI consistently outperforms state-of-the-art attacks.

Article Summaries:

  • Prompt Injection via Road Signs

Researchers have unveiled CHAI (Command Hijacking Against Embodied AI), a new attack that exploits the multimodal language understanding of large visual-language models (LVLMs) used in autonomous vehicles and drones. By embedding deceptive natural-language instructions, such as misleading road signs, into visual inputs, CHAI systematically searches the token space, builds a prompt dictionary, and generates visual attack prompts that override the agent's legitimate commands. Experiments on four LVLM agents, including autonomous driving and aerial object tracking, and on a real robotic vehicle show that CHAI consistently outperforms existing attacks. The study highlights a growing security risk for embodied AI systems: text that the model reads from its camera feed is treated as an instruction, so the work calls for defenses that extend beyond traditional adversarial robustness.

Sources: