{"total":15,"items":[{"citing_arxiv_id":"2605.19309","ref_index":32,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"How Do Document Parsers Break? Auditing Structural Vulnerability in Document Intelligence","primary_cat":"cs.CL","submitted_at":"2026-05-19T03:44:09+00:00","verdict":null,"verdict_confidence":null,"novelty_score":null,"formal_verification":null,"one_line_summary":null,"context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.01950","ref_index":6,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"TRAP: Tail-aware Ranking Attack for World-Model Planning","primary_cat":"cs.LG","submitted_at":"2026-05-03T16:19:45+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"TRAP is a tail-aware ranking attack that plants a backdoor in world models so that a trigger causes the model to reorder a few critical imagined trajectories and redirect planning while preserving normal behavior on clean inputs.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"[4] Tim Brooks, Bill Peebles, Connor Holmes, Will DePue, Yufei Guo, Leo Jing, David Schnurr, Joe Taylor, Troy Luhman, Eric Luhman, et al. 2024. Video generation models as world simulators. OpenAI Blog 1, 8 (2024), 1. [5] Tom B Brown, Dandelion Mané, Aurko Roy, Martín Abadi, and Justin Gilmer. 2017. Adversarial patch. arXiv preprint arXiv:1712.09665 (2017). [6] Jake Bruce, Michael D Dennis, Ashley Edwards, Jack Parker-Holder, Yuge Shi, Edward Hughes, Matthew Lai, Aditi Mavalankar, Richie Steigerwald, Chris Apps, et al. 2024. Genie: Generative interactive environments. In Forty-first International Conference on Machine Learning. [7] Chang Chen, Yi-Fu Wu, Jaesik Yoon, and Sungjin Ahn. 2022. 
Transdreamer: Reinforcement learning with transformer world models."},{"citing_arxiv_id":"2604.27414","ref_index":2,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Understanding Adversarial Transferability in Vision-Language Models for Autonomous Driving: A Cross-Architecture Analysis","primary_cat":"cs.CV","submitted_at":"2026-04-30T04:33:38+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":5.0,"formal_verification":"none","one_line_summary":"Adversarial patches transfer across three VLM architectures in autonomous driving scenarios with 73-91% success rates and affect 65-79% of critical decision frames even without target-specific optimization.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.23105","ref_index":46,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Transferable Physical-World Adversarial Patches Against Object Detection in Autonomous Driving","primary_cat":"cs.CV","submitted_at":"2026-04-25T02:00:01+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"AdvAD produces physical-world adversarial patches with improved transferability to unseen object detectors by multi-model optimization, adaptive balancing, and physical variation robustness.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.22552","ref_index":53,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Transferable Physical-World Adversarial Patches Against Pedestrian Detection Models","primary_cat":"cs.CV","submitted_at":"2026-04-24T13:45:11+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"TriPatch generates transferable physical adversarial patches via multi-stage triplet loss, appearance consistency, and data 
augmentation to achieve higher attack success rates on pedestrian detectors than prior methods.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.12418","ref_index":6,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"RACF: A Resilient Autonomous Car Framework with Object Distance Correction","primary_cat":"cs.RO","submitted_at":"2026-04-14T08:06:09+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":4.0,"formal_verification":"none","one_line_summary":"RACF corrects inconsistent depth camera distance estimates in autonomous vehicles using LiDAR and kinematic redundancy, achieving up to 35% RMSE reduction and better braking in tests on a Quanser QCar 2 platform.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.06865","ref_index":4,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Physical Adversarial Attacks on AI Surveillance Systems:Detection, Tracking, and Visible--Infrared Evasion","primary_cat":"cs.CV","submitted_at":"2026-04-08T09:26:03+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":3.0,"formal_verification":"none","one_line_summary":"The paper organizes existing physical adversarial attack literature into a surveillance-oriented taxonomy emphasizing temporal persistence, multi-modal sensing, carrier realism, and system-level objectives, concluding that robustness requires system-level evaluation over time and across sensors.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.02457","ref_index":5,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Street-Legal Physical-World Adversarial Rim for License 
Plates","primary_cat":"cs.CV","submitted_at":"2026-04-02T18:41:29+00:00","verdict":"CONDITIONAL","verdict_confidence":"MODERATE","novelty_score":6.0,"formal_verification":"none","one_line_summary":"SPAR is a street-legal physical rim that cuts modern ALPR accuracy by 60% and reaches 18% targeted impersonation while costing under $100 and requiring no plate modification.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"perspective, and lighting conditions, which have all been identified in prior literature as challenges to adversarial attacks on vision models [29] and on ALPR systems specifically [43]. We use statistical methods to quantify our approach's dependence on camera distance and viewing angle. 1.1 Background Adversarial attacks on computer vision models can be broadly classified into perturbation attacks [32], patch-based attacks [5], and spot attacks [26]. Goodfellow et al. [10] showed that perturbation attacks exploit the approximate linearity of neural networks in high-dimensional input spaces. 
By adding a bounded input-dependent perturbation, an attacker can induce a disproportionately large change in a model's internal activations and output relative to the perturbation"},{"citing_arxiv_id":"2511.09829","ref_index":6,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Thermally Activated Dual-Modal Adversarial Clothing against AI Surveillance Systems","primary_cat":"cs.AI","submitted_at":"2025-11-13T00:23:15+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"Thermally activated clothing with thermochromic dyes and heaters creates dynamic adversarial patterns that evade AI surveillance in visible and infrared modalities while appearing ordinary when inactive.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2505.06335","ref_index":31,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Remote Rowhammer Attack using Adversarial Observations on Federated Learning Clients","primary_cat":"cs.LG","submitted_at":"2025-05-09T17:27:17+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"A reinforcement learning attacker manipulates client sensor observations in federated learning to induce repetitive server memory updates, achieving around 70% repeated update rate and enabling remote Rowhammer bit flips on an automatic speech recognition model.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2412.14113","ref_index":6,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Adversarial Hubness in Multi-Modal Retrieval","primary_cat":"cs.CR","submitted_at":"2024-12-18T17:58:58+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"Adversarial hubs can be generated 
to be retrieved as top-1 for over 84% of test queries in text-to-image retrieval, far exceeding natural hubs.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2409.07609","ref_index":21,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Survival of the Cheapest: Cost-Aware Hardware Adaptation for Adversarial Robustness","primary_cat":"cs.CR","submitted_at":"2024-09-11T20:43:59+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":5.0,"formal_verification":"none","one_line_summary":"A decision-support framework applies AFT models to show Nvidia L4 GPUs yield 20% longer adversarial survival time at 75% lower cost than V100, with inference latency as the strongest robustness predictor.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"1907.01996","ref_index":1,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior","primary_cat":"cs.CV","submitted_at":"2019-07-03T15:40:05+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"A DIP-based optimization produces adversarial perturbations and patches that are more robust to affine transformations than standard high-frequency noise while staying imperceptible.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"1906.10671","ref_index":2,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"Explaining Deep Learning Models with Constrained Adversarial Examples","primary_cat":"cs.LG","submitted_at":"2019-06-25T17:09:43+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Introduces CADEX to generate domain-constrained counterfactual explanations for ML 
models using adversarial perturbations.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"1906.11897","ref_index":3,"ref_count":1,"confidence":0.98,"is_internal_anchor":true,"paper_title":"On Physical Adversarial Patches for Object Detection","primary_cat":"cs.CV","submitted_at":"2019-06-20T11:04:57+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"A physical patch suppresses all object detections by YOLOv3 even for distant objects without overlapping them.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null}],"limit":50,"offset":0}