Semantic Router: On the Feasibility of Hijacking MLLMs via a Single Adversarial Perturbation

arXiv:2511.20002v3. Abstract: Multimodal Large Language Models (MLLMs) are increasingly deployed in stateless systems, such as autonomous driving and robotics. This paper investigates a novel threat: Semantic-Aware Hijacking. We explore the feasibility of hijacking multiple stateless decisions simultaneously using a single universal perturbation. We introduce the Semantic-Aware Universal Perturbation (SAUP), which acts as a semantic router, "actively" perceiving input semantics and routing them to distinct, attacker-defined targets. To achieve this, we conduct theor
The increasing deployment of MLLMs in critical, stateless systems like autonomous driving makes their vulnerabilities a pressing concern for current research.
This research reveals a critical vulnerability in MLLMs that could allow adversaries to hijack multiple decisions simultaneously with a single stealthy perturbation, posing severe security and safety risks.
The understanding of MLLM security shifts from isolated attacks to the potential for universal, semantic-aware hijacking, demanding proactive development of more robust defence mechanisms.
- Cybersecurity firms specializing in AI
- Developers of robust MLLM defence algorithms
- Security researchers
- Developers of MLLMs without robust security
- Sectors deploying MLLMs in critical stateless systems (e.g., autonomous vehicles
- Users reliant on MLLM-powered systems
Immediate industry-wide scramble to understand and mitigate this new class of adversarial MLLM attacks.
Increased regulatory scrutiny and demands for explainable AI and robust security measures in MLLM deployment.
Potential slowdown in the adoption of MLLMs in highly sensitive applications until adequate security standards are established.
Read at arXiv cs.AI