# Anamorpher — Image-Scaling Prompt Injection Lab

> trailofbits/anamorpher crafts image-scaling attacks for multimodal prompt injection; verified 1,049★ with a uv backend and browser frontend workflow.

## Quick Use

```bash
git clone https://github.com/trailofbits/anamorpher.git && cd anamorpher
uv sync
uv run python backend/app.py
# Open frontend/index.html in your browser
```

## Intro

**Best for:** Security teams testing multimodal models and apps for downscaling-triggered hidden instructions

**Works with:** Python 3.11+, uv (recommended), and a browser-opened HTML frontend for visualization

**Setup time:** 10-25 minutes

### Key facts (verified)

- GitHub: 1049 stars · 91 forks · pushed 2026-05-11.
- License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
- README-backed entrypoint: `uv run python backend/app.py`.

## Main

- Use it as an evaluation harness: craft a payload image, then test how different downscalers reveal (or hide) the prompt injection after resizing.
- Compare implementations: README highlights OpenCV, PyTorch, TensorFlow, and Pillow for scaling behavior differences.
- Treat results as probabilistic: README warns outcomes vary and recommends running each example ~5 times for consistent evaluation.

### Source-backed notes

- README positions Anamorpher as a tool for crafting/visualizing image scaling attacks and provides both a frontend UI and Python API.
- README lists supported downscaling algorithms (bicubic, bilinear, nearest neighbor) and comparison backends (OpenCV/PyTorch/TensorFlow/Pillow).
- README setup uses `uv sync`, runs the backend via `uv run python backend/app.py`, and opens `frontend/index.html` in a browser.
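
A defensive counterpart to the downscaler comparison described above, as an added example (not code from Anamorpher or its README): it resizes a grayscale pixel grid with two pure-Python stand-in scalers and flags inputs whose results diverge. The function names, the factor `K`, the 40.0 threshold and both sample images are assumptions constructed for illustration.

```python
# Added example: flag images that look different depending on the downscaler.
# Pure-Python stand-ins for two scalers; grayscale images are lists of rows (0-255).

def nearest(img, k):
    """Nearest-neighbour stand-in: keep the top-left pixel of each k x k block."""
    h, w = len(img) // k, len(img[0]) // k
    return [[img[y * k][x * k] for x in range(w)] for y in range(h)]

def box(img, k):
    """Area average: every pixel of the k x k block contributes equally."""
    h, w = len(img) // k, len(img[0]) // k
    return [[sum(img[y * k + dy][x * k + dx] for dy in range(k) for dx in range(k)) // (k * k)
             for x in range(w)] for y in range(h)]

def divergence(img, k):
    """Mean absolute pixel difference between the two downscaled results."""
    a, b = nearest(img, k), box(img, k)
    diffs = [abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)]
    return sum(diffs) / len(diffs)

def is_suspicious(img, k, threshold=40.0):
    """threshold is an assumed value; tune it on the deployment's own images."""
    return divergence(img, k) > threshold

K = 4  # assumed downscale factor of the pipeline under test

# Constructed sample 1: smooth horizontal gradient, scales the same either way.
GRADIENT = [[x * 8 for x in range(32)] for _ in range(32)]

# Constructed sample 2: light background where only the pixels the nearest
# sampler reads are darkened, in alternating block columns.
PLANTED = [[0 if (y % K == 0 and x % K == 0 and (x // K) % 2 == 0) else 200
            for x in range(32)] for y in range(32)]

if __name__ == "__main__":
    for name, img in (("gradient", GRADIENT), ("planted", PLANTED)):
        print(name, divergence(img, K), is_suspicious(img, K))
```

Heavily textured natural images also raise the score, so a flagged image is a candidate for review rather than a confirmed payload.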

### FAQ

- **Is this for text-only LLMs?**: No — README explicitly targets multi-modal AI systems where image downscaling can hide/reveal instructions.
- **Do results always reproduce?**: Not always — README warns outcomes can vary and suggests running examples multiple times.
- **What’s a safe rollout?**: Run it in a controlled eval environment and document the exact preprocessing pipeline (resize settings, libraries) you deploy.

## Source & Thanks

> Source: https://github.com/trailofbits/anamorpher
>
> License: Apache-2.0
>
> GitHub stars: 1049 · forks: 91

---

Source: https://tokrepo.com/en/workflows/anamorpher-image-scaling-prompt-injection-lab

Author: Script Depot