Security/ ai · security · vision-language-models · adversarial-attacks

Hijacking 10% of Vision Tokens Can Break AI Model Accuracy by 88%

New research shows that intercepting a small slice of data in transit between edge devices and cloud AI servers can nearly destroy a model's accuracy.

Researchers found a way to cripple large vision-language models by tampering with just a fraction of the data they transmit mid-inference.

When AI models split their workload between an edge device and a cloud server, they pass intermediate data — called vision tokens — over a network link. A team of researchers studied what happens when an attacker intercepts and manipulates that data in transit, without any access to the model's internals. Testing six state-of-the-art vision-language models ranging from 3 billion to 72 billion parameters across four benchmarks, they found that corrupting just 10% of transmitted vision tokens could reduce model accuracy by up to 88.31%. The attack works under a black-box, man-in-the-middle setup, meaning the adversary never needs to see the model weights or training data.

Cloud-edge inference is increasingly common because it lets manufacturers ship smaller, cheaper devices that offload heavy computation to remote servers — a setup used across smart cameras, medical imaging tools, and enterprise AI appliances. This research identifies the communication link itself as an underexamined attack surface, one that existing model hardening and adversarial robustness work largely ignores because it sits outside the model boundary.

The security field has spent years stress-testing AI models against adversarial image inputs and prompt injection; the network layer between device and cloud has gotten far less scrutiny. Whether cloud AI providers treat this as a deployment concern or a research footnote will say a lot about how seriously the industry takes infrastructure-level AI security.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →