#8 Arxiv Weekly Insights

Papers in Artificial Intelligence, Computer Vision, Machine Learning and Social Media

Welcome to the 8th edition of "Arxiv Weekly Insights," where we delve into the latest groundbreaking research and developments from the Arxiv repository.

This newsletter is brought to you by SmartXiv, the AI-powered personalized arXiv digest designed to enhance your research experience. With over 1000 research papers uploaded daily on arXiv, it's easy to miss important updates. Let SmartXiv deliver personalized recommendations so you never miss what truly matters to you.

Computer Vision and Pattern Recognition
PromptSmooth: Certifying Robustness of Medical Vision-Language Models via Prompt Learning
Noor Hussein, Fahad Shamshad, Muzammal Naseer, Karthik Nandakumar

This paper proposes a novel framework called PromptSmooth to achieve efficient certified robustness of medical vision-language models (Med-VLMs) by leveraging the concept of prompt learning. PromptSmooth adapts any pre-trained Med-VLM to handle Gaussian noise by learning textual prompts in a zero-shot or few-shot manner, achieving a balance between accuracy and robustness.

Computer Vision and Pattern Recognition
VideoLLM-MoD: Efficient Video-Language Streaming with Mixture-of-Depths Vision Computation
Shiwei Wu, Joya Chen, Kevin Qinghong Lin, Qimeng Wang, Yan Gao, Qianli Xu, Tong Xu, Yao Hu, Enhong Chen, Mike Zheng Shou

This paper introduces VideoLLM-MoD, a novel approach to reduce vision compute in long-term or streaming video scenarios. VideoLLM-MoD leverages redundant vision tokens by skipping layers rather than decreasing the number of vision tokens, significantly enhancing model efficiency.

Machine Learning
LLM Defenses Are Not Robust to Multi-Turn Human Jailbreaks Yet
Nathaniel Li, Ziwen Han, Ian Steneker, Willow Primack, Riley Goodside, Hugh Zhang, Zifan Wang, Cristina Menghini, Summer Yue

Recent large language model (LLM) defenses have greatly improved models' ability to refuse harmful queries, even when adversarially attacked. However, LLM defenses are primarily evaluated against automated adversarial attacks in a single turn of conversation, an insufficient threat model for real-world malicious use. We demonstrate that multi-turn human jailbreaks uncover significant vulnerabilities, exceeding 70% attack success rate (ASR) on HarmBench against defenses that report single-digit ASRs with automated single-turn attacks. Human jailbreaks also reveal vulnerabilities in machine unlearning defenses, successfully recovering dual-use biosecurity knowledge from unlearned models. We compile these results into Multi-Turn Human Jailbreaks (MHJ), a dataset of 2,912 prompts across 537 multi-turn jailbreaks. We publicly release MHJ alongside a compendium of jailbreak tactics developed across dozens of commercial red teaming engagements, supporting research towards stronger LLM defenses.

Artificial Intelligence
Leveraging Hallucinations to Reduce Manual Prompt Dependency in Promptable Segmentation
Jian Hu, Jiayi Lin, Junchi Yan, Shaogang Gong

Promptable segmentation typically requires instance-specific manual prompts to guide the segmentation of each desired object. To minimize such a need, task-generic promptable segmentation has been introduced, which employs a single task-generic prompt to segment various images of different objects in the same task. Current methods use Multimodal Large Language Models (MLLMs) to reason detailed instance-specific prompts from a task-generic prompt for improving segmentation accuracy. The effectiveness of this segmentation heavily depends on the precision of these derived prompts. However, MLLMs often suffer hallucinations during reasoning, resulting in inaccurate prompting. While existing methods focus on eliminating hallucinations to improve a model, we argue that MLLM hallucinations can reveal valuable contextual insights when leveraged correctly, as they represent pre-trained large-scale knowledge beyond individual images. In this paper, we utilize hallucinations to mine task-related information from images and verify its accuracy for enhancing precision of the generated prompts. Specifically, we introduce an iterative Prompt-Mask Cycle generation framework (ProMaC) with a prompt generator and a mask generator. The prompt generator uses a multi-scale chain of thought prompting, initially exploring hallucinations for extracting extended contextual knowledge on a test image. These hallucinations are then reduced to formulate precise instance-specific prompts, directing the mask generator to produce masks that are consistent with task semantics by mask semantic alignment. The generated masks iteratively induce the prompt generator to focus more on task-relevant image areas and reduce irrelevant hallucinations, resulting jointly in better prompts and masks.

Social and Information Networks
Easy-access online social media metrics can effectively identify misinformation sharing users
Junchao Chen, Alberto Sonnino, Lefteris Kokoris-Kogias, Mohammad Sadoghi

Misinformation poses a significant challenge studied extensively by researchers, yet acquiring data to identify primary sharers is costly and challenging. To address this, we propose a low-barrier approach to differentiate social media users who are more likely to share misinformation from those who are less likely. Leveraging insights from previous studies, we demonstrate that easy-access online social network metrics -- average daily tweet count, and account age -- can be leveraged to help identify potential low factuality content spreaders on X (previously known as Twitter). We find that higher tweet frequency is positively associated with low factuality in shared content, while account age is negatively associated with it. We also find that some of the effects, namely the effect of the number of accounts followed and the number of tweets produced, differ depending on the number of followers a user has. Our findings show that relying on these easy-access social network metrics could serve as a low-barrier approach for initial identification of users who are more likely to spread misinformation, and therefore contribute to combating misinformation effectively on social media platforms.

Computer Vision and Pattern Recognition
Model Parallel Training and Transfer Learning for Convolutional Neural Networks by Domain Decomposition
Axel Klawonn, Martin Lanser, Janine Weber

Deep convolutional neural networks (CNNs) have been shown to be very successful in a wide range of image processing applications. However, due to their increasing number of model parameters and an increasing availability of large amounts of training data, parallelization strategies to efficiently train complex CNNs are necessary. In previous work by the authors, a novel model parallel CNN architecture was proposed which is loosely inspired by domain decomposition. In particular, the novel network architecture is based on a decomposition of the input data into smaller subimages. For each of these subimages, local CNNs with a proportionally smaller number of parameters are trained in parallel and the resulting local classifications are then aggregated in a second step by a dense feedforward neural network (DNN). In the present work, we compare the resulting CNN-DNN architecture to less costly alternatives to combine the local classifications into a final, global decision. Additionally, we investigate the performance of the CNN-DNN trained as one coherent model as well as using a transfer learning strategy, where the parameters of the pre-trained local CNNs are used as initial values for a subsequently trained global coherent CNN-DNN model.


Thank you for joining us this week. Stay tuned for more insights in our next edition. Until then, happy researching! See you next week!