Comment by simonw
Text in the image and text in the prompt can both be used by attackers to subvert the model's original instructions.
Text in the image and text in the prompt can both be used by attackers to subvert the model's original instructions.