{"id":1982,"date":"2025-11-23T08:18:43","date_gmt":"2025-11-23T08:18:43","guid":{"rendered":"https:\/\/scipapermill.com\/index.php\/2025\/11\/23\/adversarial-attacks-navigating-the-shifting-sands-of-ai-security-and-robustness-4\/"},"modified":"2025-12-28T21:17:46","modified_gmt":"2025-12-28T21:17:46","slug":"adversarial-attacks-navigating-the-shifting-sands-of-ai-security-and-robustness-4","status":"publish","type":"post","link":"https:\/\/scipapermill.com\/index.php\/2025\/11\/23\/adversarial-attacks-navigating-the-shifting-sands-of-ai-security-and-robustness-4\/","title":{"rendered":"Adversarial Attacks: Navigating the Shifting Sands of AI Security and Robustness"},"content":{"rendered":"

Latest 50 papers on adversarial attacks: Nov. 23, 2025<\/h3>\n

The landscape of Artificial Intelligence is evolving at breakneck speed, but with every advancement comes a new frontier of security challenges. Adversarial attacks, those insidious attempts to trick AI models with subtle, often imperceptible perturbations, remain a paramount concern across every domain, from computer vision to large language models and multi-agent systems. Recent research is not only uncovering novel attack vectors but also pioneering sophisticated defense mechanisms, pushing the boundaries of what it means to build truly robust and trustworthy AI. This post dives into a collection of recent breakthroughs, exploring how researchers are both breaking and fortifying our most advanced AI systems.<\/p>\n

The Big Idea(s) & Core Innovations<\/h3>\n

At the heart of these recent papers lies a continuous cat-and-mouse game between attackers and defenders, with innovation stemming from both sides. A significant theme is the move beyond simple pixel-level perturbations to more sophisticated, semantically aware, and multi-modal attacks. For instance, the Q-MLLM<\/strong> framework from researchers at University of California, San Diego<\/a> pioneers a novel quantization-based defense against adversarial attacks on multimodal large language models (MLLMs). Their key insight involves introducing discrete bottlenecks in visual features via vector quantization, effectively blocking adversarial gradient paths and achieving impressive defense rates against jailbreak and toxic image attacks.<\/p>\n

On the attack front, works like \u201cWhen Alignment Fails: Multimodal Adversarial Attacks on Vision-Language-Action Models<\/a>\u201d by researchers including Yuping Yan from TGAI Lab, School of Engineering, Westlake University<\/a>, introduce VLA-Fool<\/strong>. This framework systematically reveals that even minor, cross-modal perturbations can significantly disrupt Vision-Language-Action (VLA) models, leading to substantial behavioral deviations. Similarly, the \u201cMulti-Faceted Attack: Exposing Cross-Model Vulnerabilities in Defense-Equipped Vision-Language Models<\/a>\u201d from institutions like The Chinese University of Hong Kong<\/a> demonstrates how the MFA<\/strong> framework can bypass multiple layers of VLM defenses by exploiting shared visual representations, achieving a 58.5% success rate against leading models.<\/p>\n

The realm of Large Language Models (LLMs) is particularly active. \u201cPSM: Prompt Sensitivity Minimization via LLM-Guided Black-Box Optimization<\/a>\u201d by Hussein Jawad and Nicolas J-B. Brunel from Capgemini Invent, Paris, France<\/a> presents a lightweight, black-box method for shielding system prompts from extraction attacks by minimizing leakage while preserving utility. Complementing this, \u201cExplainableGuard: Interpretable Adversarial Defense for Large Language Models Using Chain-of-Thought Reasoning<\/a>\u201d from Shaowei GUAN and colleagues at The Hong Kong Polytechnic University<\/a> introduces a defense mechanism that not only detects attacks but also provides transparent, step-by-step explanations, enhancing trustworthiness.<\/p>\n

Beyond perception and language, multi-agent systems and robotics are also in the crosshairs. \u201cAdversarial Attack on Black-Box Multi-Agent by Adaptive Perturbation<\/a>\u201d introduces AdapAM<\/strong>, a stealthy black-box attack leveraging proxy agents and adaptive selection policies. In robotics, the \u201cKeep on Going: Learning Robust Humanoid Motion Skills via Selective Adversarial Training<\/a>\u201d paper introduces SA2RT<\/strong>, a novel selective adversarial training method that dramatically improves humanoid robot motion policy robustness in real-world environments.<\/p>\n

Other notable innovations include: * TopoReformer<\/strong> (Manipal Institute of Technology, Manipal Academy of Higher Education Manipal<\/a>) for OCR models, which uses topological purification to filter adversarial noise without adversarial training. * MedFedPure<\/strong> (Institute of Medical AI, University X<\/a>) for federated medical AI, integrating MAE-based detection and diffusion purification against inference-time attacks. * MPD-SGR<\/strong> (Zhejiang University<\/a>) which enhances Spiking Neural Networks (SNNs) adversarial robustness by regulating membrane potential distribution. * SHIFT<\/strong> (Tulane University<\/a>), a diffusion-based attack for RL that generates semantically different yet realistic state perturbations. * CD-MTA<\/strong> (Tohoku University<\/a>) for cross-domain multi-targeted adversarial attacks without victim model access.<\/p>\n

Under the Hood: Models, Datasets, & Benchmarks<\/h3>\n

The innovations above are underpinned by a rich array of models, datasets, and benchmarks. Researchers are moving towards more complex, real-world relevant evaluations, often building new tools to achieve this:<\/p>\n