Bordair-Multimodal Exposes Hidden Threats In AI Defenses

By vramkickedin | | 2 min read
A geometric crystal with distinct layers of text small image thumbnails and audio waves are visible suspended like inclusions in ice.

Bordair-multimodal is an open-source test suite featuring over half a million labeled prompts built to evaluate defenses against prompt injection attacks. The collection proves that splitting harmful instructions across multiple input channels consistently bypasses traditional single-channel filters.

Josh Blythe developed the dataset to expose how security tools miss fragmented threats hidden in combined text, images, and documents. Builders and local operators can download the files to safely validate their own language model safeguards.

Cross-modal injection testing framework

  • Contains more than five hundred thousand balanced attack and safe prompts.
  • Delivers payloads across split text, image metadata, hidden document layers, and audio tracks.
  • Offers a command-line utility for testing compatible models in under a minute.
  • Organizes files into five progressive versions covering encoding tricks and multi-agent threats.
  • Attributes every sample directly to published research and documented security incidents.

Teams evaluating local defenses gain structured datasets to benchmark custom classification tools. Security researchers can immediately run verified attack patterns to locate filtering gaps before software enters production.

Hidden vulnerabilities in single-channel screening

Breaking malicious requests into smaller components routinely drops detection confidence below standard warning levels. Individual pieces appear harmless, but the combined context successfully overrides model instructions once the system processes all inputs together. An included script allows direct testing against any standard API endpoint, providing instant performance reports.

"The fundamental question seems to be: do you reassemble extracted text across channels before classification, or do you need a different architectural approach entirely?"

noted the developer in a Reddit post. Since the release contains only JSON files rather than large neural networks, users require minimal storage and can begin evaluations immediately.

Independent developers can quickly integrate these evaluation files into existing security workflows. The full repository and generation tools are available here on GitHub.