{"id":2148,"date":"2025-11-30T13:02:22","date_gmt":"2025-11-30T13:02:22","guid":{"rendered":"https:\/\/scipapermill.com\/index.php\/2025\/11\/30\/adversarial-attacks-navigating-the-shifting-sands-of-ai-security-2\/"},"modified":"2025-12-28T21:07:18","modified_gmt":"2025-12-28T21:07:18","slug":"adversarial-attacks-navigating-the-shifting-sands-of-ai-security-2","status":"publish","type":"post","link":"https:\/\/scipapermill.com\/index.php\/2025\/11\/30\/adversarial-attacks-navigating-the-shifting-sands-of-ai-security-2\/","title":{"rendered":"Adversarial Attacks: Navigating the Shifting Sands of AI Security"},"content":{"rendered":"

Latest 50 papers on adversarial attacks: Nov. 30, 2025<\/h3>\n

The world of AI\/ML is a double-edged sword: powerful, transformative, and increasingly vital to our daily lives. Yet, beneath its gleaming surface lies a complex landscape of vulnerabilities, where sophisticated \u201cadversarial attacks\u201d relentlessly challenge the robustness and trustworthiness of our most advanced models. This isn\u2019t just a theoretical concern; from manipulating financial forecasts to hijacking autonomous robots, these attacks pose tangible threats to real-world applications. This post dives into a recent collection of groundbreaking research, revealing the latest advancements in both offensive and defensive adversarial machine learning.<\/p>\n

The Big Idea(s) & Core Innovations<\/h3>\n

Recent research highlights a crucial shift: attacks are becoming more precise, multi-modal, and transferable, while defenses are evolving to be more efficient, interpretable, and context-aware. A significant theme across several papers is the exploitation of cross-modal interactions<\/em> and semantic nuances<\/em> in complex AI systems. For instance, the Nanyang Technological University<\/strong> in their paper, When Robots Obey the Patch: Universal Transferable Patch Attacks on Vision-Language-Action Models<\/a>, introduces UPA-RFAS, a universal framework for crafting adversarial patches that can trick Vision-Language-Action (VLA) driven robots. This work shows how even subtle patches can hijack text-to-vision attention and misground instructions, demonstrating widespread vulnerabilities. Complementing this, research from Westlake University<\/strong> and City University of Hong Kong<\/strong> in Medusa: Cross-Modal Transferable Adversarial Attacks on Multimodal Medical Retrieval-Augmented Generation<\/a> reveals how medical AI systems are susceptible to cross-modal attacks that manipulate retrieval processes and distort medical outputs, achieving over 90% attack success rates. Similarly, V-Attack: Targeting Disentangled Value Features for Controllable Adversarial Attacks on LVLMs<\/a> by researchers from the Chinese Academy of Sciences<\/strong> shows how targeting disentangled \u2018value features\u2019 can enable precise, controllable attacks on Large Vision-Language Models (LVLMs), boosting success rates by 36% compared to existing methods. Further emphasizing this cross-modal vulnerability, the paper On the Feasibility of Hijacking MLLMs\u2019 Decision Chain via One Perturbation<\/a> from The Chinese University of Hong Kong, Shenzhen<\/strong> reveals how a single, semantic-aware perturbation can hijack the decision chain of MLLMs to manipulate outputs toward multiple predefined outcomes.<\/p>\n

Defensively, innovations are focusing on architectural robustness and efficient training. Nanjing University of Science and Technology<\/strong>\u2019s Multimodal Robust Prompt Distillation for 3D Point Cloud Models<\/a> introduces MRPD, a teacher-student framework that distills robustness into lightweight prompts for 3D point cloud models, achieving robust defense without additional inference costs. For large language models, the paper EAGER: Edge-Aligned LLM Defense for Robust, Efficient, and Accurate Cybersecurity Question Answering<\/a> by University of California, San Diego<\/strong> presents EAGER, a co-design framework that integrates quantization-aware fine-tuning with domain-specific preference alignment, reducing adversarial attack success rates by up to 7.3x. Also in the realm of LLM defense, Tel Aviv University<\/strong>\u2019s AlignTree: Efficient Defense Against LLM Jailbreak Attacks<\/a> introduces a lightweight classifier combining linear and non-linear signals for robust detection of harmful prompts. Meanwhile, University of Science & Technology of China<\/strong> and University of North Carolina at Chapel Hill<\/strong> tackle the multi-modal challenge with Vulnerability-Aware Robust Multimodal Adversarial Training<\/a>, demonstrating VARMAT, a method that identifies and mitigates modality-specific vulnerabilities to significantly improve robustness. Finally, Manipal Institute of Technology<\/strong>\u2019s TopoReformer: Mitigating Adversarial Attacks Using Topological Purification in OCR Models<\/a> presents a model-agnostic framework that uses topological features to purify adversarial images in OCR systems, providing a novel defense against various attacks.<\/p>\n

Under the Hood: Models, Datasets, & Benchmarks<\/h3>\n

The advancements in adversarial ML are heavily reliant on tailored resources:<\/p>\n