Shadowcast: Stealthy Data Poisoning Attacks against Vision-Language Models

The first is a traditional Label Attack, tricking VLMs into misidentifying class labels, such as confusing Donald Trump for Joe Biden.