{"id":"https://openalex.org/W4416072365","doi":"https://doi.org/10.48550/arxiv.2506.03350","title":"Adversarial Attacks on Robotic Vision Language Action Models","display_name":"Adversarial Attacks on Robotic Vision Language Action Models","publication_year":2025,"publication_date":"2025-06-03","ids":{"openalex":"https://openalex.org/W4416072365","doi":"https://doi.org/10.48550/arxiv.2506.03350"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2506.03350","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.03350","pdf_url":"https://arxiv.org/pdf/2506.03350","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2506.03350","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100707137","display_name":"E. Jones","orcid":"https://orcid.org/0000-0001-6289-2292"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jones, Eliot Krzysztof","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028501158","display_name":"Alexander Robey","orcid":"https://orcid.org/0009-0003-5693-2819"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Robey, Alexander","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004880532","display_name":"Andy Zou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zou, Andy","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050088824","display_name":"Zachary Ravichandran","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ravichandran, Zachary","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029243115","display_name":"George J. Pappas","orcid":"https://orcid.org/0000-0001-9081-0637"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pappas, George J.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059354479","display_name":"Hamed Hassani","orcid":"https://orcid.org/0000-0002-9448-8750"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hassani, Hamed","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fredrikson, Matt","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5075035644","display_name":"J. Zico Kolter","orcid":"https://orcid.org/0000-0002-8106-5759"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kolter, J. Zico","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5100707137"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8305000066757202,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8305000066757202,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.08079999685287476,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.023600000888109207,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8500999808311462},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.667900025844574},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.5084999799728394},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4756999909877777},{"id":"https://openalex.org/keywords/reachability","display_name":"Reachability","score":0.4645000100135803},{"id":"https://openalex.org/keywords/robotics","display_name":"Robotics","score":0.4426000118255615},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4327000081539154}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8500999808311462},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.667900025844574},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6376000046730042},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5494999885559082},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.5084999799728394},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4756999909877777},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.4645000100135803},{"id":"https://openalex.org/C34413123","wikidata":"https://www.wikidata.org/wiki/Q170978","display_name":"Robotics","level":3,"score":0.4426000118255615},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4327000081539154},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.3774999976158142},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36410000920295715},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.359499990940094},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.3555000126361847},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3531999886035919},{"id":"https://openalex.org/C90509273","wikidata":"https://www.wikidata.org/wiki/Q11012","display_name":"Robot","level":2,"score":0.33809998631477356},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.29589998722076416},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.2849000096321106},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.28380000591278076}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2506.03350","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.03350","pdf_url":"https://arxiv.org/pdf/2506.03350","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2506.03350","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2506.03350","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2506.03350","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2506.03350","pdf_url":"https://arxiv.org/pdf/2506.03350","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,27],"emergence":[1],"of":[2,13,19,29,87,102,125,131,135,167],"vision-language-action":[3],"models":[4,44],"(VLAs)":[5],"for":[6],"end-to-end":[7],"control":[8,109],"is":[9,97],"reshaping":[10],"the":[11,17,24,58,68,85,98,123,132,155],"field":[12],"robotics":[14],"by":[15,77],"enabling":[16],"fusion":[18],"multimodal":[20],"sensory":[21],"inputs":[22],"at":[23,122,174],"billion-parameter":[25],"scale.":[26],"capabilities":[28],"VLAs":[30,72,138],"stem":[31],"primarily":[32],"from":[33,148],"their":[34],"architectures,":[35],"which":[36,71,118],"are":[37,48,119],"often":[38,140],"based":[39],"on":[40,90],"frontier":[41],"large":[42],"language":[43],"(LLMs).":[45],"However,":[46],"LLMs":[47],"known":[49],"to":[50,53,63,70,106,161,165],"be":[51,162],"susceptible":[52],"adversarial":[54,88],"misuse,":[55],"and":[56,100,139],"given":[57],"significant":[59],"physical":[60],"risks":[61],"inherent":[62],"robotics,":[64],"questions":[65],"remain":[66],"regarding":[67],"extent":[69],"inherit":[73],"these":[74,78],"vulnerabilities.":[75],"Motivated":[76],"concerns,":[79],"in":[80,154],"this":[81],"work":[82],"we":[83],"initiate":[84],"study":[86],"attacks":[89,105,153],"VLA-controlled":[91],"robots.":[92],"Our":[93],"main":[94],"algorithmic":[95],"contribution":[96],"adaptation":[99],"application":[101],"LLM":[103,149],"jailbreaking":[104,150],"obtain":[107],"complete":[108],"authority":[110],"over":[111,142],"VLAs.":[112],"We":[113,169],"find":[114],"that":[115],"textual":[116],"attacks,":[117],"applied":[120],"once":[121],"beginning":[124],"a":[126],"rollout,":[127],"facilitate":[128],"full":[129],"reachability":[130],"action":[133],"space":[134],"commonly":[136],"used":[137],"persist":[141],"longer":[143],"horizons.":[144],"This":[145],"differs":[146],"significantly":[147],"literature,":[151],"as":[152],"real":[156],"world":[157],"do":[158],"not":[159],"have":[160],"semantically":[163],"linked":[164],"notions":[166],"harm.":[168],"make":[170],"all":[171],"code":[172],"available":[173],"https://github.com/eliotjones1/robogcg":[175],".":[176]},"counts_by_year":[],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}