MrM: Black-Box Membership Inference Attacks against Multimodal RAG Systems

Peiru Yang, Jinhua Yin, Haoran Zheng, Xueying Bai, Huili Wang, Yufei Sun, Xintian Li, Shangguang Wang, Yongfeng Huang, Tao Qi · June 09, 2025

Summary

MrM is a black-box membership inference attack framework that targets multimodal RAG systems by exploiting indirect access to sensitive data. It uses a multi-object data perturbation framework with counterfactual attacks to induce retrieval and leakage of membership information. MrM models query trials to extract features, and it demonstrates strong performance across various visual datasets and commercial visual-language models, including GPT-4 and Gemini-2, under adaptive defenses.
