Adversarial examples have been hard to solve in vision mainly because it was imperceptible to humans and added adv noise is hard to remove. Looking at the demo, it seems relatively easy to build a filter to remove adversarial suffix before feeding the query into LLM…

→ View original post on X — @_yutaroyamada,