Abstract:Recently in robotics, Vision-Language-Action (VLA) models have emerged as a transformative approach, enabling robots to execute complex tasks by integrating visual and linguistic inputs within an end-to-end learning framework. While VLA models offer significant capabilities, they also introduce new attack surfaces, making them vulnerable to adversarial attacks. With these vulnerabilities largely unexplored, this paper systematically quantifies the robustness of VLA-based robotic systems. Recognizing the unique demands of robotic execution, our attack objectives target the inherent spatial and functional characteristics of robotic systems. In particular, we introduce an untargeted position-aware attack objective that leverages spatial foundations to destabilize robotic actions, and a targeted attack objective that manipulates the robotic trajectory. Additionally, we design an adversarial patch generation approach that places a small, colorful patch within the camera's view, effectively executing the attack in both digital and physical environments. Our evaluation reveals a marked degradation in task success rates, with up to a 100\% reduction across a suite of simulated robotic tasks, highlighting critical security gaps in current VLA architectures. By unveiling these vulnerabilities and proposing actionable evaluation metrics, this work advances both the understanding and enhancement of safety for VLA-based robotic systems, underscoring the necessity for developing robust defense strategies prior to physical-world deployments.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is the adversarial vulnerability of Vision - Language - Action (VLA) models in robotics. Specifically, although VLA models have shown remarkable ability in integrating visual and language inputs to perform complex tasks, these models also introduce new attack surfaces, making them vulnerable to adversarial attacks. These vulnerabilities have largely not been explored yet. Therefore, this paper systematically quantifies the robustness of VLA - based robotic systems and designs attack targets in view of the inherent spatial and functional characteristics of robot execution. The main contributions of the paper include: 1. **First comprehensive analysis**: This paper conducts the first comprehensive analysis of the vulnerability of VLA - based robotic systems, reveals the significant threats posed by adversarial attacks to these systems, and emphasizes the urgency of enhancing robustness before actual deployment. 2. **Define specific attack targets**: This paper defines specific attack targets against powerful VLA models for the first time and adopts a simple adversarial patch to attack these models. This provides valuable insights for the research community to explore the systematic failures of similar generative foundation models. 3. **Rigorous evaluation**: This paper conducts a rigorous evaluation of four different robot tasks in simulated and physical environments and observes an increase in the task failure rate by 100% and 43% respectively, highlighting the effectiveness of its attack strategy. Through these efforts, the paper not only deepens the understanding of the security of VLA - based robotic systems but also proposes specific evaluation metrics and emphasizes the necessity of developing robust defense strategies before actual deployment.

Exploring the Adversarial Vulnerabilities of Vision-Language-Action Models in Robotics

Adversarial Computer Vision Via Acoustic Manipulation of Camera Sensors

Adversarial Robustness Analysis of LiDAR-included Models in Autonomous Driving

Manipulation Facing Threats: Evaluating Physical Vulnerabilities in End-to-End Vision Language Action Models

Highlighting the Safety Concerns of Deploying LLMs/VLMs in Robotics

Visual Adversarial Attack on Vision-Language Models for Autonomous Driving

TrojanRobot: Backdoor Attacks Against LLM-based Embodied Robots in the Physical World

Towards Testing and Evaluating Vision-Language-Action Models for Robotic Manipulation: An Empirical Study

Rethinking the Intermediate Features in Adversarial Attacks: Misleading Robotic Models via Adversarial Distillation

Chain of Attack: On the Robustness of Vision-Language Models Against Transfer-Based Adversarial Attacks

Hijacking Vision-and-Language Navigation Agents with Adversarial Environmental Attacks

On Evaluating Adversarial Robustness of Large Vision-Language Models

VLATTACK: Multimodal Adversarial Attacks on Vision-Language Tasks via Pre-trained Models

Universal Adversarial Attacks for Visual Odometry Systems

Towards Adversarial Attack on Vision-Language Pre-training Models

CogACT: A Foundational Vision-Language-Action Model for Synergizing Cognition and Action in Robotic Manipulation

Malicious Path Manipulations via Exploitation of Representation Vulnerabilities of Vision-Language Navigation Systems

Benchmarking Vision, Language, & Action Models on Robotic Learning Tasks

Probing the Robustness of Vision-Language Pretrained Models: A Multimodal Adversarial Attack Approach

Exploring Visual Vulnerabilities via Multi-Loss Adversarial Search for Jailbreaking Vision-Language Models