Research Analyzer
← Back ICRA 2026

Beyond the Patch: Exploring Vulnerabilities of Visuomotor Policies via Viewpoint-Consistent 3D Adversarial Object

Chanmi Lee, Minsung Yoon, Woojae Kim, Sebin Lee, Sung-eui Yoon

PDF

AI summary

Key figure (auto-extracted from paper)
A viewpoint-consistent 3D adversarial object successfully deceives wrist-mounted camera visuomotor policies across dynamic viewpoints, outperforming traditional 2D patches.
adversarial attacks visuomotor policies 3D adversarial objects differentiable rendering robotic security viewpoint robustness

Problem

Traditional 2D adversarial patches lose effectiveness under dynamic viewpoints and perspective distortions common in real-world robotic setups with moving or wrist-mounted cameras.

Approach

The authors optimize a texture on a 3D mesh using differentiable rendering and Expectation over Transformation, guided by a coarse-to-fine curriculum and saliency maps to maintain attack efficacy across varying distances and angles.

Key results

  • Achieves high attack success rates across diverse viewing angles and camera-object distances
  • Outperforms conventional 2D adversarial patches under dynamic viewpoint conditions
  • Demonstrates black-box transferability and real-world deployment viability
  • Coarse-to-fine optimization and saliency guidance significantly boost attack potency

Why it matters

It exposes critical security flaws in real-world robotic manipulation systems, prompting developers to prioritize 3D adversarial robustness for safe deployment.

Abstract

Neural network–based visuomotor policies enable robots to perform manipulation tasks but remain susceptible to perceptual attacks. For example, conventional 2D adversarial patches are effective under fixed-camera setups, where appear- ance is relatively consistent; however, their efficacy often dimin- ishes under dynamic viewpoints from moving cameras, such as wrist-mounted setups, due to perspective distortions. To proac- tively investigate potential vulnerabilities beyond 2D patches, this work proposes a viewpoint-consistent adversarial texture optimization method for 3D objects through differentiable ren- dering. As optimization strategies, we employ Expectation over Transformation (EOT) with a Coarse-to-Fine (C2F) curriculum, exploiting distance-dependent frequency characteristics to in- duce textures effective across varying camera–object distances. We further integrate saliency-guided perturbations to redirect policy attention and design a targeted loss that persistently drives robots toward adversarial objects. Our comprehensive experiments show that the proposed method is effective under various environmental conditions, while confirming its black- box transferability and real-world applicability.

Index terms

Deep Learning for Visual Perception Deep Learning in Grasping and Manipulation Deep Learning Methods

Related papers

  1. 95 similarity
    Exploiting Vulnerabilities: Universal Adversarial Attacks on Vision-Language-Action Models in Robotics AI summary
    Songhua Yang, Ziyu Liu, Yuanwei Liu, Xuetao Li, Xuanye Fei, He Huang, Zheng WANG, Miao Li
    PDF
  2. 93 similarity
    Learning Visuomotor Policy for Multi-Robot Laser Tag Game AI summary
    Kai Li, Shiyu Zhao
    PDF
  3. 92 similarity
    Do You Know Where Your Camera Is? View-Invariant Policy Learning with Camera Conditioning AI summary
    Tianchong Jiang, Jingtian Ji, Xiangshan Tan, Jiading Fang, Anand Bhattad, Vitor Guizilini, Matthew Walter
    PDF
  4. 92 similarity
    Unsupervised Domain Adaptation for Robust Imitation Learning under Visual Perturbations AI summary
    Yasuhiro Kato, Thomas Westfechtel, Jen-Yen Chang, Naoki Morihira, Akinobu Hayashi, Tatsuya Harada, Takayuki Osa
    PDF
  5. 92 similarity
    Augmented Reality for RObots (ARRO): Pointing Visuomotor Policies towards Visual Robustness AI summary
    Reihaneh Mirjalili, Tobias Thomas Jülg, Florian Walter, Wolfram Burgard
    PDF
  6. 92 similarity
    Improving Robotic Manipulation Robustness Via NICE Scene Surgery AI summary
    Sajjad Pakdamansavoji, MOZHGAN POURKESHAVARZ, Adam Sigal, Zhiyuan Li, Rui Heng Yang, Amir Rasouli
    PDF
  7. 92 similarity
    VO-DP: Semantic-Geometric Adaptive Diffusion Policy for Vision-Only Robotic Manipulation AI summary
    Zehao Ni, Yonghao He, Lingfeng Qian, Jilei Mao, Fa Fu, Wei Sui, Hu Su, Junran Peng, Zhipeng Wang, Bin He
    PDF
  8. 92 similarity
    Semantic Hierarchy-Guided Adversarial Attack for Autonomous Driving AI summary
    Gwangbin Kim, SeungJun Kim
    PDF