MLingualFC: Evaluating Jailbreak Vulnerabilities in Multilingual Vision-Language Models

Researchers introduced MLingualFC, a benchmark revealing significant safety vulnerabilities in multilingual Vision-Language Models through flowchart-based jailbreak attacks across five languages. The study demonstrates that current VLM safety mechanisms fail to generalize across linguistic and visual modalities, with Latin script languages showing substantially higher attack success rates than non-Latin scripts like Punjabi.

The MLingualFC research exposes a critical gap in AI safety infrastructure that extends beyond English-centric systems. As Vision-Language Models become increasingly deployed globally, their vulnerability to multilingual jailbreak attacks represents a material risk for organizations relying on these systems for sensitive applications. The flowchart-based attack methodology proves effective at encoding harmful instructions into visual representations, bypassing safety alignment mechanisms that were primarily trained on text-based threats.

This vulnerability stems from the asymmetric development of multilingual VLM safety measures. Most safety alignment work concentrates on high-resource languages with Latin scripts, leaving models inadequately tested against attacks in other writing systems. Interestingly, the lower attack success rates in non-Latin scripts like Punjabi appear driven by technical limitations in visual text recognition rather than superior safety training—a distinction with important implications for remediation strategies.

For developers and enterprises deploying multilingual VLMs, these findings highlight the need for comprehensive safety testing across diverse linguistic contexts before production deployment. The research indicates that visual encoding represents an underexplored attack surface that current safety frameworks inadequately address. Organizations cannot rely on safety mechanisms trained primarily in English to protect systems operating across global markets.

Looking forward, the AI safety community must develop more robust multimodal safety approaches that generalize across scripts and languages. This includes expanding safety training data, improving visual text recognition capabilities, and conducting broader adversarial testing. The open-source resources provided enable further research into these vulnerabilities, likely spurring rapid development of countermeasures.

• →Flowchart-based visual attacks achieve high success rates in bypassing safety mechanisms across Latin script languages including Spanish, Romanian, and German.
• →Non-Latin script languages like Punjabi show lower vulnerability rates due to technical limitations in visual text recognition rather than stronger safety alignment.
• →Current multilingual VLM safety mechanisms fail to generalize across both linguistic diversity and visual modalities, representing a systemic gap.
• →The research identifies visual encoding of harmful content as an underexplored attack surface inadequately addressed by existing safety frameworks.
• →Developers deploying multilingual VLMs globally must conduct comprehensive cross-linguistic safety testing before production use.