Multimodal Model Inversion

Multimodal models learn joint representations of training data across modalities. Model inversion attacks exploit this by querying the model to generate content that reveals or reconstructs training data. In multimodal models, cross-modal inversion is possible — querying with text to recover training images, or with images to recover training text.

• Inversion query detection: Detect queries designed to extract training data characteristics
• Output similarity monitoring: Monitor for outputs that are unusually similar to known training data

Model inversion chains into T10 (Integrity & Confidentiality Breach) as the multimodal expression of training data extraction. The extracted data chains into T6 (Training Poisoning) when it reveals training data characteristics that inform poisoning strategy.