
Researchers Unveil CHAI: A New Class of Attacks on Embedded AI Systems
AI, Cybersecurity, EmbeddedSystems, PromptInjection, VisualLanguageModels, AutonomousVehicles, Drones, Robotics
Researchers have published a study on CHAI (Command Hijacking against embodied AI), a new class of prompt injection attacks targeting embedded artificial intelligence systems. The attack exploits the multimodal interpretation capabilities of Large Visual-Language Models (LVLMs) by integrating misleading natural language instructions, such as deceptive signs, into visual data. CHAI systematically searches the token space, constructs a dictionary of prompts, and generates Visual Attack Prompts. Tests were conducted on four LVLM agents, including emergency drone landing, autonomous driving, aerial object tracking, and a real robotic vehicle. The results show that CHAI consistently outperforms existing attacks.