August 4, 2025
The GIST Topological approach detects adversarial attacks in multimodal AI systems 
Gaby Clark
scientific editor
Robert Egan
associate editor
Editors' notes
This article has been reviewed according to Science X's editorial process and policies. Editors have highlighted the following attributes while ensuring the content's credibility:
fact-checked
preprint
trusted source
proofread
New vulnerabilities have emerged with the rapid advancement and adoption of multimodal foundational AI models, significantly expanding the potential for cybersecurity attacks. Researchers at Los Alamos National Laboratory have put forward a novel framework that identifies adversarial threats to foundation models—artificial intelligence approaches that seamlessly integrate and process text and image data. This work empowers system developers and security experts to better understand model vulnerabilities and reinforce resilience against ever more sophisticated attacks.
The study is published on the arXiv preprint server.
"As multimodal models grow more prevalent, adversaries can exploit weaknesses through either text or visual channels, or even both simultaneously," said Manish Bhattarai, a computer scientist at Los Alamos.
"AI systems face escalating threats from subtle, malicious manipulations that can mislead or corrupt their outputs, and attacks can result in misleading or toxic content that looks like a genuine output for the model. When taking on increasingly complex and difficult-to-detect attacks, our unified, topology-based framework uniquely identifies threats regardless of their origin."
Multimodal AI systems excel at integrating diverse data types by embedding text and images into a shared high-dimensional space, aligning image concepts to their textual semantic notion (like the word "circle" with a circular shape). However, this alignment capability also introduces unique vulnerabilities.
As these models are increasingly deployed in high-stakes applications, adversaries can exploit them through text or visual inputs—or both—using imperceptible perturbations that disrupt alignment and potentially produce misleading or harmful outcomes.
Defense strategies for multimodal systems have remained relatively unexplored, even as these models are increasingly used in sensitive domains where they can be applied to complex national security topics and contribute to modeling and simulation. Building on the team's experience developing a purification strategy that neutralizes adversarial noise in attack scenarios on image-centered models, this new approach detects the signature and origin of adversarial attack on today's advanced artificial intelligence models.
A novel topological approach
The Los Alamos team's solution harnesses topological data analysis, a mathematical discipline focused on the "shape" of data, to uncover these adversarial signatures. When an attack disrupts the geometric alignment of text and image embeddings, it creates a measurable distortion. The researchers developed two pioneering techniques, dubbed "topological-contrastive losses," to quantify these topological differences with precision, effectively pinpointing the presence of adversarial inputs.
"Our algorithm accurately uncovers the attack signatures, and when combined with statistical techniques, can detect malicious data tampering with remarkable precision," said Minh Vu, a Los Alamos postdoctoral fellow and lead author on the team's paper. "This research demonstrates the transformative potential of topology-based approaches in securing the next generation of AI systems and sets a strong foundation for future advancements in the field."
The framework's effectiveness was rigorously validated using the Venado supercomputer at Los Alamos. Installed in 2024, the machine's chips combine a central processing unit with a graphics processing unit to address high-performance computing and giant-scale artificial intelligence applications. The team tested it against a broad spectrum of known adversarial attack methods across multiple benchmark datasets and models.
The results were unequivocal: the topological approach consistently and significantly outperformed existing defenses, offering a more reliable and resilient shield against threats.
The team presented the work, "Topological Signatures of Adversaries in Multimodal Alignments," at the International Conference on Machine Learning.
More information: Minh Vu et al, Topological Signatures of Adversaries in Multimodal Alignments, arXiv (2025). DOI: 10.48550/arxiv.2501.18006
Journal information: arXiv Provided by Los Alamos National Laboratory Citation: Topological approach detects adversarial attacks in multimodal AI systems (2025, August 4) retrieved 4 August 2025 from https://techxplore.com/news/2025-08-topological-approach-adversarial-multimodal-ai.html This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
Explore further
New AI defense method shields models from adversarial attacks 0 shares
Feedback to editors
