The 5th Workshop of Adversarial Machine Learning on Computer Vision: Foundation Models + X


The IEEE/CVF Conference on Computer Vision and Pattern Recognition. Jun 11-25, 2025. Nashville TN, USA



Overview

Foundation models (FMs) have demonstrated powerful generative capabilities, revolutionizing a wide range of applications in various domains including computer vision. Building upon this success, X-domain-specific foundation models (XFMs, e.g., Autonomous Driving FMs, Medical FMs) further enhance performance in specialized tasks within their respective fields by training on a curated dataset that emphasizes domain-specific knowledge and making architectural modifications specific to the task. Alongside their potential benefits, the increasing reliance on XFMs has also exposed their vulnerabilities to adversarial attacks. These malicious attacks involve applying imperceptible perturbations to input images or prompts, which can cause the models to misclassify the objects or generate adversary-intended outputs. Such vulnerabilities pose significant risks in safety-critical applications in computer vision, such as autonomous vehicles and medical diagnosis, where incorrect predictions can have dire consequences. By studying and addressing the robustness challenges associated with XFMs, we could enable practitioners to construct robust, reliable XFMs across various domains.

The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of XFMs. The program will consist of invited talks by leading experts in the field, as well as contributed talks and poster sessions featuring the latest research. In addition, the workshop will also organize a challenge on adversarial attacking foundation models.

We believe this workshop will provide a unique opportunity for researchers and practitioners to exchange ideas, share latest developments, and collaborate on addressing the challenges associated with the robustness and security of foundation models. We expect that the workshop will generate insights and discussions that will help advance the field of adversarial machine learning and contribute to the development of more secure and robust foundation models for computer vision applications.


Tentative Important Dates

Timeline (Tentative)

Workshop Schedule
Event Start time End time
Opening Remarks 8:30 8:40
Challenge Session 8:40 9:00
Invited talk #1: Prof. Florian Tramer 9:00 9:20
Invited talk #2: Prof. Alfred Chen 9:20 9:40
Invited Talk #3: Prof. Bo Han 9:40 10:00
Invited Talk #4: Prof. Chaowei Xiao 10:00 10:20
Invited Talk #5: Prof. Cihang Xie 10:20 10:40
Invited Talk #6: Prof. Jing Shao 10:40 11:00
Invited Talk #7: TBD 11:00 11:20
Poster Session #1 11:00 12:30
Lunch (12:30-13:30)

Proposed Speakers
Florian
Tramer

ETH Zurich

Alfred
Chen

University of California, Irvine

Bo
Han

Hong Kong Baptist University

Chaowei
Xiao

University of Wisconsin, Madison



Cihang
Xie

University of California, Santa Cruz


Jing
Shao

Shanghai AI Laboratory


TBD
TBD

TODO

Organizers
Tianyuan
Zhang

Beihang
University
Siyang
Wu

Zhongguancun
Laboratory
Aishan
Liu

Beihang
University
Jiakai
Wang

Zhongguancun
Laboratory
Siyuan
Liang

National University
of Singapore
Felix
Juefei-Xu

GenAI at Meta
Qing
Guo

A*STAR
Xinyun
Chen

Google Brain
Yew-Soon
Ong

Nanyang Technological
University
Xianglong
Liu

Beihang
University
Dawn
Song

UC Berkeley
Alan
Yuille

Johns Hopkins
University
Philip
H.S. Torr

Oxford
University
Dacheng
Tao

Nanyang Technological
University

Call for Papers

Foundation models (FMs) have demonstrated powerful generative capabilities, revolutionizing a wide range of applications in various domains including computer vision. Building upon this success, X-domain-specific foundation models (XFMs, e.g., Autonomous Driving FMs, Medical FMs) further enhance performance in specialized tasks within their respective fields by training on a curated dataset that emphasizes domain-specific knowledge and making architectural modifications specific to the task. Alongside their potential benefits, the increasing reliance on XFMs has also exposed their vulnerabilities to adversarial attacks.The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of XFMs. We welcome research contributions related to the following (but not limited to) topics:
  • Robustness of X-domain-specific foundation models
  • Adversarial attacks on computer vision tasks
  • Improving the robustness of deep learning systems
  • Interpreting and understanding model robustness, especially foundation models
  • Adversarial attacks for social good
  • Dataset and benchmark that could evaluate foundation model robustness
Format: Submissions papers (.pdf format) must use the CVPR 2025 Author Kit for LaTeX/Word Zip file and be anonymized and follow CVPR 2025 author instructions. The workshop considers two types of submissions: (1) Long Paper: Papers are limited to 8 pages excluding references; (2) Extended Abstract: Papers are limited to 4 pages including references.

Submission Site: https://openreview.net/group?id=thecvf.com/CVPR/2025/Workshop/Advml
Submission Due: March 10, 2025, Anywhere on Earth (AoE)


Challenge

This workshop will host a competition centered on adversarial attacks targeting Foundation Models + X, where "X" in XFM represents Autonomous Driving. These models (e.g., LMDrive) represent a transformative shift by enabling a unified architecture that can handle diverse driving tasks and generalize across various driving scenarios. Participants will be tasked with creating adversarial examples within specific tasks to deceive these black-box XFMs.
The competition will proceed in two phases: Phase 1 will involve a white-box evaluation with access to models or data, while Phase 2 will adopt a black-box setup, with access restricted. By testing XFMs' resilience to adversarial attacks, this competition aims to deepen our understanding of their robustness, promoting practical advancements in applying FMs to autonomous driving.
The competition dataset is currently under preparation and will be available by March 15, 2025. In the event of unforeseen delays, an alternative open-source dataset will be used. After careful review, we have identified no ethical concerns. The detailed timeline is provided in the following table.

Timeline

Challenge Timeline
Mar 15, 2025 Competition starts
Mar 17, 2025 Phase 1 starts
April 17, 2025 Phase 1 ends
April 18, 2025 Phase 2 starts
May 18, 2025 Phase 2 ends
May 30, 2025 Results will be released and participants will be selected to present
June 2025 Awards and presentation

Challenge Chair
Siyang
Wu

Zhongguancun
Laboratory
Haotong
Qin

ETH
Zurich
Zonglei
Jing

Beihang
University
Zonghao
Ying

Beihang
University
Yue
Yu

Pengcheng
Laboratory
Xianglong
Liu

Beihang
University

Sponsors

logo-img
logo-img

logo-img


Program Committee

  • Akshayvarun Subramanya (UMBC)
  • Alexander Robey (UPenn)
  • Ali Shahin Shamsabadi (QMUL)
  • Angtian Wang (JHU)
  • Aniruddha Saha (UMBC)
  • Anshuman Suri (UVA)
  • Bernhard Egger (MIT)
  • Chenglin Yang (JHU)
  • Chirag Agarwal (Harvard)
  • Gaurang Sriramanan (IISc)
  • Jiachen Sun (MSU)
  • Jieru Mei (JHU)
  • Jun Guo (BUAA)
  • Ju He (JHU)
  • Kibok Lee (MSU)
  • Lifeng Huang (SYSU)
  • Maura Pintor (University of Cagliari)
  • Muhammad Awais (KHU)
  • Muzammal Naseer (ANU)
  • Nataniel Ruiz (BU)
  • Qihang Yu (JHU)
  • Qing Jin (NEU)
  • Rajkumar Theagarajan (UCR)
  • Ruihao Gong (SenseTime)
  • Shiyu Tang (BUAA)
  • Shunchang liu (BUAA)
  • Sravanti Addepalli (IISc)
  • Tianlin Li (NTU)
  • Wenxiao Wang (THU)
  • Hang Yu (BUAA)
  • Won Park (MSU)
  • Xiangning Chen (UCLA)
  • Xiaohui Zeng (U of T)
  • Xingjun Ma (DKU)
  • Xinwei Zhao (DU)
  • Yulong Cao (MSU)
  • Yutong Bai (JHU)
  • Zihao Xiao (JHU)
  • Zixin Yin (BUAA)
  • Jin Hu (BUAA)
  • Haojie Hao (BUAA)
  • Zhengquan Sun (BUAA)