Adversarial Flow Matching Targets Transformer Vulnerabilities in E2E Autonomous Driving
A research paper on arXiv (2605.00880) introduces Adversarial Flow Matching (AFM), a gray-box attack framework designed to exploit Transformer structural vulnerabilities in end-to-end (E2E) autonomous driving (AD) models. The study highlights that both monolithic Vision-Language-Action (VLA) models and specialized modular architectures increasingly rely on Transformer backbones, creating a shared vulnerability to visually imperceptible perturbations that can cause hazardous maneuvers. Existing white-box and black-box attacks require full model transparency or suffer from high query latency and limited transferability. AFM enables efficient one-step generation of adversarial perturbations targeting the Transformer module, operating under gray-box settings. The paper was published on arXiv on May 8, 2025.
Key facts
- Adversarial Flow Matching (AFM) is a gray-box attack framework for end-to-end autonomous driving models.
- AFM targets Transformer structural vulnerabilities in both monolithic VLA and modular architectures.
- Visually imperceptible perturbations can manipulate E2E AD models into hazardous maneuvers.
- Existing white-box and black-box attacks require full model transparency or have high latency.
- AFM enables efficient one-step generation of adversarial perturbations.
- The paper is available on arXiv with ID 2605.00880.
- The research focuses on Transformer backbones as a common vulnerability.
- The paper was announced on arXiv on May 8, 2025.
Entities
Institutions
- arXiv