This is an overview page with metadata for this scientific paper. The full article is available from the publisher.
OCR-Mediated Modality Dominance in Vision-Language Models: Implications for Radiology AI Trustworthiness
Citations: 0
Authors: 8
Year: 2026
Abstract
Background: Vision-language models (VLMs) are increasingly proposed for radiologic decision support, yet the security implications of deploying general-domain, OCR-capable models in diagnostic workflows remain poorly characterized. When image-embedded text is not treated as untrusted input, the visual channel becomes vulnerable to adversarial manipulation through OCR-readable overlays.
Methods: Nine commercial VLMs, none intended or validated for clinical diagnosis, were evaluated on 600 brain MRI studies (300 tumor-positive, 300 tumor-negative) for binary tumor detection across four conditions: clean input, visible radiology-report injection, human-imperceptible stealth OCR injection, and a multi-stage immune-prompt defense combining both attack types with enforced visual-priority reasoning. Approximately 27,000 inference calls were analyzed. Primary outcomes included accuracy, attack success rate (ASR), false positive rate (FPR), and masking rate.
Results: At baseline, performance was heterogeneous (median accuracy 0.69, sensitivity 0.79, specificity 0.59). Visible injection caused universal specificity collapse (0.00 across all models; FPR 1.00), with a median ASR of 0.97; every model unconditionally privileged the injected text over its own visual analysis. Stealth injection, despite being imperceptible to human reviewers, still drove substantial degradation (median accuracy 0.43; ASR 0.57; FPR 0.84). Immune prompting achieved only partial and inconsistent mitigation: under stealth injection, median ASR decreased to 0.44, and accuracy improved to 0.56, yet residual overcalling persisted (median FPR 0.67), and three models maintained an FPR of 1.00.
Conclusions: Commercial VLMs exhibit a deployment-critical failure mode in radiology-like scenarios: OCR-readable text embedded in images can dominate the decision pathway and override pixel-level evidence, even under stealth conditions that evade human inspection. Prompt-level defenses provide insufficient protection. These findings underscore that any clinical integration of VLMs must be gated by system-level safeguards, including OCR-aware input handling, provenance controls, and enforced human verification, before such tools can be considered for safety-sensitive environments.