{"id":"https://openalex.org/W7116926992","doi":"https://doi.org/10.48550/arxiv.2512.17902","title":"Adversarial Robustness of Vision in Open Foundation Models","display_name":"Adversarial Robustness of Vision in Open Foundation Models","publication_year":2025,"publication_date":"2025-12-19","ids":{"openalex":"https://openalex.org/W7116926992","doi":"https://doi.org/10.48550/arxiv.2512.17902"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.17902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.17902","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121071851","display_name":"Jonathon Fox","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Fox, Jonathon","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068020099","display_name":"William J. Buchanan","orcid":"https://orcid.org/0000-0003-0809-3523"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Buchanan, William J","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5046184079","display_name":"Pavlos Papadopoulos","orcid":"https://orcid.org/0000-0001-5927-6026"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Papadopoulos, Pavlos","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5121071851"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.0006000000284984708,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.0005000000237487257,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8860999941825867},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7461000084877014},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.541100025177002},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.32600000500679016},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.31130000948905945},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.2757999897003174}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8860999941825867},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7461000084877014},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6708999872207642},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6316999793052673},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.541100025177002},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5146999955177307},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.3544999957084656},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.32600000500679016},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.31130000948905945},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.2757999897003174},{"id":"https://openalex.org/C774472","wikidata":"https://www.wikidata.org/wiki/Q6760393","display_name":"Margin (machine learning)","level":2,"score":0.2694999873638153},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2639000117778778},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2549999952316284},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.25119999051094055}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.17902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.17902","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17902","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,12,37,49,69,77,95,106,150,154,164],"increase":[2],"in":[3,14,39,130,137],"deep":[4],"learning,":[5],"it":[6],"becomes":[7],"increasingly":[8],"difficult":[9],"to":[10,26,142],"understand":[11],"model":[13],"which":[15,34],"AI":[16,38],"systems":[17],"can":[18],"identify":[19],"objects.":[20],"Thus,":[21],"an":[22,28,43],"adversary":[23],"could":[24],"aim":[25],"modify":[27],"image":[29],"by":[30,194],"adding":[31],"unseen":[32],"elements,":[33],"will":[35],"confuse":[36],"its":[40],"recognition":[41],"of":[42,52,87,111,166],"entity.":[44],"This":[45,100],"paper":[46],"thus":[47],"investigates":[48],"adversarial":[50,89,179],"robustness":[51,180],"LLaVA-1.5-13B":[53],"and":[54,73,113,190,197],"Meta's":[55,171],"Llama":[56,114,122,172],"3.2":[57,115,123,173],"Vision-8B-2.":[58],"These":[59],"are":[60,91],"tested":[61],"for":[62,162],"untargeted":[63],"PGD":[64],"(Projected":[65],"Gradient":[66],"Descent)":[67],"against":[68],"visual":[70],"input":[71],"modality,":[72],"empirically":[74],"evaluated":[75],"on":[76],"Visual":[78],"Question":[79],"Answering":[80],"(VQA)":[81],"v2":[82],"dataset":[83],"subset.":[84],"The":[85],"results":[86],"these":[88],"attacks":[90],"then":[92,103],"quantified":[93],"using":[94],"standard":[96,187],"VQA":[97],"accuracy":[98,107,129],"metric.":[99],"evaluation":[101],"is":[102,120],"compared":[104,141],"with":[105,186],"degradation":[108],"(accuracy":[109],"drop)":[110],"LLaVA":[112],"Vision.":[116,174],"A":[117],"key":[118],"finding":[119],"that":[121,153,178],"Vision,":[124],"despite":[125],"a":[126,134,158],"lower":[127],"baseline":[128],"this":[131],"setup,":[132],"exhibited":[133],"smaller":[135],"drop":[136],"performance":[138,165,189],"under":[139],"attack":[140,160],"LLaVA,":[143],"particularly":[144],"at":[145],"higher":[146],"perturbation":[147],"levels.":[148],"Overall,":[149],"findings":[151],"confirm":[152],"vision":[155],"modality":[156],"represents":[157],"viable":[159],"vector":[161],"degrading":[163],"contemporary":[167],"open-weight":[168],"VLMs,":[169],"including":[170],"Furthermore,":[175],"they":[176],"highlight":[177],"does":[181],"not":[182],"necessarily":[183],"correlate":[184],"directly":[185],"benchmark":[188],"may":[191],"be":[192],"influenced":[193],"underlying":[195],"architectural":[196],"training":[198],"factors.":[199]},"counts_by_year":[],"updated_date":"2025-12-23T23:15:37.779995","created_date":"2025-12-23T00:00:00"}