JailbreakV-28K Multimodal Benchmark
Dataset designed to test the robustness of multimodal language models (MLLMs) against various jailbreak attacks. It contains 28,000 text-image pairs and 2,000 malicious requests (RedTeam), covering 16 security policies and 5 attack methods.
28,000 text-image pairs + 2,000 queries, CSV formats, and associated images
MIT
Description
The dataset JailbreakV-28K is a comprehensive benchmark designed to assess the resistance of multimodal models to so-called “jailbreak” attacks. It contains 28,000 examples combining attack text and associated images, as well as a RedTeam subset of 2,000 harmful requests that target a variety of security policies. Attacks span multiple strategies, including persuasion, logic, and image-specific methods.
What is this dataset for?
- Testing the robustness of LLM/MLLM multimodal models against jailbreak attacks
- Develop mechanisms for aligning and filtering harmful responses
- Evaluate and compare models on advanced security scenarios
Can it be enriched or improved?
The dataset can be enriched by adding new attacks or diversifying the sources of harmful queries. Additional security policy annotations or contextual metadata can also enhance its usefulness for AI security research.
🔎 In summary
🧠 Recommended for
- AI security researchers
- MLLM developers
- Alignment experts
🔧 Compatible tools
- PyTorch
- Hugging Face datasets
- AI attack and defense frameworks
💡 Tip
To get the most out of it, combine this benchmark with real-time attack detection tools.
Frequently Asked Questions
Does this dataset contain potentially offensive content?
Yes, it contains harmful queries to test the limits of the models, to be used only for research and education purposes.
Is this dataset suitable for training general models?
No, it is specifically designed for security assessment and robustness, not for general use.
What is the nature of multimodal data?
These are text-image pairs, covering various types of images and attacks associated with texts.




