{"id":"https://openalex.org/W7162451341","doi":"https://doi.org/10.48550/arxiv.2605.25304","title":"When Interpretability Becomes a Liability: Adversarial Attacks on CBM Concept Layers","display_name":"When Interpretability Becomes a Liability: Adversarial Attacks on CBM Concept Layers","publication_year":2026,"publication_date":"2026-05-25","ids":{"openalex":"https://openalex.org/W7162451341","doi":"https://doi.org/10.48550/arxiv.2605.25304"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.25304","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.25304","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.25304","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5137040903","display_name":"Aditya Sridhar","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sridhar, Aditya","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5137040903"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6108999848365784,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6108999848365784,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.3589000105857849,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.00419999985024333,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.9143000245094299},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7124999761581421},{"id":"https://openalex.org/keywords/bottleneck","display_name":"Bottleneck","score":0.5881999731063843},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.39340001344680786},{"id":"https://openalex.org/keywords/rendering","display_name":"Rendering (computer graphics)","score":0.36329999566078186},{"id":"https://openalex.org/keywords/norm","display_name":"Norm (philosophy)","score":0.32269999384880066},{"id":"https://openalex.org/keywords/battlespace","display_name":"Battlespace","score":0.31529998779296875}],"concepts":[{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.9143000245094299},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7124999761581421},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7117999792098999},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.5881999731063843},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5680999755859375},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5663999915122986},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.39340001344680786},{"id":"https://openalex.org/C205711294","wikidata":"https://www.wikidata.org/wiki/Q176953","display_name":"Rendering (computer graphics)","level":2,"score":0.36329999566078186},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3314000070095062},{"id":"https://openalex.org/C191795146","wikidata":"https://www.wikidata.org/wiki/Q3878446","display_name":"Norm (philosophy)","level":2,"score":0.32269999384880066},{"id":"https://openalex.org/C2781438671","wikidata":"https://www.wikidata.org/wiki/Q1002407","display_name":"Battlespace","level":2,"score":0.31529998779296875},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.31150001287460327},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.3057999908924103},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.29840001463890076},{"id":"https://openalex.org/C2776135515","wikidata":"https://www.wikidata.org/wiki/Q17143721","display_name":"Regularization (linguistics)","level":2,"score":0.28929999470710754},{"id":"https://openalex.org/C171018156","wikidata":"https://www.wikidata.org/wiki/Q7370306","display_name":"Rotation formalisms in three dimensions","level":2,"score":0.2883000075817108},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.2759999930858612},{"id":"https://openalex.org/C73301696","wikidata":"https://www.wikidata.org/wiki/Q5469984","display_name":"Formalism (music)","level":3,"score":0.2759999930858612},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.2703000009059906},{"id":"https://openalex.org/C2780719617","wikidata":"https://www.wikidata.org/wiki/Q1030752","display_name":"Salient","level":2,"score":0.26179999113082886}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.25304","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.25304","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.25304","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.25304","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5848628878593445}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Concept":[0,115],"Bottleneck":[1],"Models":[2],"(CBMs)":[3],"have":[4],"emerged":[5],"as":[6,167],"a":[7,27,40,69,121,140,168,176],"cornerstone":[8],"approach":[9],"for":[10,117,139],"interpretable":[11,184],"machine":[12,185],"learning,":[13],"providing":[14],"human-understandable":[15],"intermediate":[16],"representations":[17],"through":[18],"explicit":[19],"concept":[20,34,150],"activations.":[21],"However,":[22],"this":[23,107,173],"interpretability":[24],"fundamentally":[25,169],"introduces":[26],"critical,":[28],"previously":[29],"unexplored":[30],"attack":[31,142],"surface:":[32],"the":[33,82,92,129,134,181],"bottleneck":[35],"layer":[36],"itself.":[37],"We":[38,67],"present":[39],"comprehensive,":[41],"systematic":[42],"study":[43],"of":[44,85,183],"concept-level":[45,103,165],"adversarial":[46,188],"vulnerabilities":[47],"in":[48],"CBMs,":[49],"revealing":[50],"that":[51,80,96],"targeted,":[52],"minimal":[53,135],"perturbations":[54],"operating":[55],"on":[56,91],"input":[57],"pixels":[58],"can":[59],"induce":[60],"catastrophic":[61],"misclassification":[62],"by":[63],"manipulating":[64],"semantic":[65,130],"representations.":[66],"develop":[68],"rigorous":[70],"theoretical":[71],"framework":[72],"to":[73,102,145,160],"quantify":[74],"concept-space":[75],"robustness,":[76],"establishing":[77,164],"novel":[78],"metrics":[79],"expose":[81],"vulnerability":[83],"landscape":[84],"these":[86],"architectures.":[87],"Our":[88],"extensive":[89],"analysis":[90],"CUB-200-2011":[93],"dataset":[94],"demonstrates":[95],"standard":[97],"CBMs":[98],"exhibit":[99],"severe":[100],"susceptibility":[101],"manipulation.":[104],"To":[105],"address":[106],"critical":[108],"weakness,":[109],"we":[110],"introduce":[111],"SPECTRA":[112,126,155],"(Semantic":[113],"Perturbation-based":[114],"Training":[116],"Robustness":[118],"against":[119],"Attacks),":[120],"principled":[122],"stability":[123],"regularization":[124],"defense.":[125],"effectively":[127],"hardens":[128],"representation":[131],"space,":[132],"increasing":[133],"perturbation":[136],"norm":[137],"required":[138],"successful":[141],"from":[143],"0.46":[144],"over":[146],"4,200,":[147],"rendering":[148],"targeted":[149],"manipulation":[151],"computationally":[152],"prohibitive.":[153],"Furthermore,":[154],"preserves":[156],"baseline":[157],"classification":[158],"accuracy":[159],"within":[161],"2.2%.":[162],"By":[163],"attacks":[166],"distinct":[170],"threat":[171],"model,":[172],"work":[174],"opens":[175],"new":[177],"research":[178],"frontier":[179],"at":[180],"intersection":[182],"learning":[186],"and":[187],"robustness.":[189]},"counts_by_year":[],"updated_date":"2026-05-27T06:22:25.060010","created_date":"2026-05-27T00:00:00"}