Beyond the Patch: Exploring Vulnerabilities of Visuomotor Policies via Viewpoint-Consistent 3D Adversarial Object

Neural network-based visuomotor policies enable robots to perform manipulation tasks but remain susceptible to perceptual attacks. For example, conventional 2D adversarial patches are effective under fixed-camera setups, where appearance is relatively consistent; however, their efficacy often diminishes under dynamic viewpoints from moving cameras, such as wrist-mounted setups, due to perspective distortions. To proactively investigate potential vulnerabilities beyond 2D patches, this work proposes a viewpoint-consistent adversarial texture optimization method for 3D objects through differentiable rendering. As optimization strategies, we employ Expectation over Transformation (EOT) with a Coarse-to-Fine (C2F) curriculum, exploiting distance-dependent frequency characteristics to induce textures effective across varying camera-object distances. We further integrate saliency-guided perturbations to redirect policy attention and design a targeted loss that persistently drives robots toward adversarial objects. Our comprehensive experiments show that the proposed method is effective under various environmental conditions, while confirming its black-box transferability and real-world applicability.

Key Contributions

• Viewpoint-consistent 3D adversarial texture optimization via differentiable rendering that remains effective under dynamic camera viewpoints (e.g., wrist-mounted setups)
• Coarse-to-Fine (C2F) curriculum combined with Expectation over Transformation (EOT) that exploits distance-dependent frequency characteristics for multi-distance robustness
• Saliency-guided perturbations that redirect policy attention toward adversarial objects, with a targeted loss persistently driving robots to the adversarial target

🛡️ Threat Analysis

Details

Similar Papers