Medusa: Tiny image tweaks can mislead medical AI

Kari Jaaskelainen

25 Nov 2025 — 1 min read

New study warns: the multimodal medical AIs behind report writing and diagnosis can be steered off-course by barely visible tweaks to images.

Researchers introduce Medusa, a black-box attack that nudges an input scan so the system retrieves the wrong supporting evidence and then generates misleading text. Medusa learns to make tampered images look, to the AI, like medically plausible but incorrect text cues, and it transfers across different models by training on an ensemble with a dual-loop strategy.

Targets retrieval-augmented vision-language systems used in radiology and diagnosis.
Works across models without internal access (black box).
Achieved over 90% attack success in two real-world tasks, and bypassed four common defenses.

Why this matters: in safety-critical care, a subtle image perturbation could silently sway evidence retrieval and the final report.

Suggested actions: establish robustness benchmarks, audit retrieval steps, add cross-modal consistency checks, and stress-test models with transferable attacks before deployment.

Paper: https://arxiv.org/abs/2511.19257v1 • Code: https://anonymous.4open.science/r/MMed-RAG-Attack-F05A

Paper: https://arxiv.org/abs/2511.19257v1

Register: https://www.AiFeta.com

#AI #Healthcare #MedicalAI #CyberSecurity #AdversarialAI #RAG #Radiology #PatientSafety #MLSafety

Meet GRACE: a moral governor for safer, more transparent AI

AI agents are getting powerful—so how do we make sure they do the right thing, not just the effective thing? Meet GRACE, a reason-based moral governor that keeps AI behavior aligned with human norms by separating moral reasoning from goal-driven decision-making. * Moral Module: uses deontic logic and explicit reasons

Why some fine-tuned LLMs miss phishing—and how to fix it

Not all fine-tuned LLMs spot phishing equally. A new study tests Llama 3.1 8B, Gemma 2 9B, and Mistral on high-stakes phishing detection—and uses SHAP and mechanistic interpretability to reveal why models do (or don’t) generalize. * Architecture × data diversity matters: Gemma 2 9B hits state-of-the-art performance (F1

AI that explains itself—by following the science

AI that explains itself—by following the science Black-box AI can be powerful, but it often can’t tell us why it made a decision. Concept Bottleneck Models (CBMs) try to fix that by predicting human-understandable concepts first, then the final answer. The catch: standard CBMs ignore domain-specific cause-and-effect and

Meet GenomAgent: A Team of AI Specialists for Smarter Genomics Q&A

TL;DR: Finding reliable answers in genomics is hard. GenomAgent turns one big AI into a coordinating team of specialists—and beats the current leader by 12% on a key benchmark. Genomic facts live across many databases. Standard chatbots struggle because they can’t flexibly query those sources. GeneGPT added

Read more

Meet GRACE: a moral governor for safer, more transparent AI

Why some fine-tuned LLMs miss phishing—and how to fix it

AI that explains itself—by following the science

Meet GenomAgent: A Team of AI Specialists for Smarter Genomics Q&A