MrM: Black-Box Membership Inference Attacks against Multimodal RAG Systems

MrM, a privacy framework, targets vulnerabilities in multimodal RAG systems by exploiting indirect access to sensitive data. It uses a multi-object data perturbation framework with counterfactual attacks to induce retrieval and leakage of membership information. MrM models query trials to extract features, demonstrating strong performance across various visual datasets and commercial visual-language models, including GPT-4 and Gemini-2, under adaptive defenses.