This work addresses the underexplored privacy risks posed by multimodal large language models (MLLMs), which may inadvertently disclose sensitive information embedded in or retained from input images during vision-language processing. To systematically investigate these risks, the authors introduce the MM-Privacy dataset and formally define two key threat notions: disclosure risk and retention risk. They further propose a comprehensive evaluation framework tailored for joint image-text inputs and conduct extensive experiments across diverse multimodal tasks using state-of-the-art MLLMs. The results reveal significant, task-dependent privacy vulnerabilities, with heightened risks observed in cross-task scenarios. These findings expose critical limitations in current mitigation strategies and underscore the urgent need for task-aware privacy-preserving mechanisms in multimodal foundation models.

Privacy risks in text-only Large Language Models (LLMs) are well studied, particularly their tendency to memorize and leak sensitive information. However, Multi-modal Large Language Models (MLLMs), which process both text and images, introduce unique privacy challenges that remain underexplored. Compared to text-only models, MLLMs can extract and expose sensitive information embedded in images, posing new privacy risks. We reveal that some MLLMs are susceptible to privacy breaches, leaking sensitive data embedded in images or stored in memory. Specifically, in this paper, we (1) introduce MM-Privacy, a comprehensive dataset designed to assess privacy risks across various multi-modal tasks and scenarios, where we define Disclosure Risks and Retention Risks. (2) systematically evaluate different MLLMs using MM-Privacy and demonstrate how models leak sensitive data across various tasks, and (3) provide additional insights into the role of task inconsistency in privacy risks, emphasizing the urgent need for mitigation strategies. Our findings highlight privacy concerns in MLLMs, underscoring the necessity of safeguards to prevent data exposure. Our dataset and code can be found here.