The 5th Workshop of Adversarial Machine Learning on Computer Vision: Foundation Models + X


The IEEE/CVF Conference on Computer Vision and Pattern Recognition. Jun 11-25, 2025. Nashville TN, USA



Overview

Foundation models (FMs) have demonstrated powerful generative capabilities, revolutionizing a wide range of applications in various domains including computer vision. Building upon this success, X-domain-specific foundation models (XFMs, e.g., Autonomous Driving FMs, Medical FMs) further enhance performance in specialized tasks within their respective fields by training on a curated dataset that emphasizes domain-specific knowledge and making architectural modifications specific to the task. Alongside their potential benefits, the increasing reliance on XFMs has also exposed their vulnerabilities to adversarial attacks. These malicious attacks involve applying imperceptible perturbations to input images or prompts, which can cause the models to misclassify the objects or generate adversary-intended outputs. Such vulnerabilities pose significant risks in safety-critical applications in computer vision, such as autonomous vehicles and medical diagnosis, where incorrect predictions can have dire consequences. By studying and addressing the robustness challenges associated with XFMs, we could enable practitioners to construct robust, reliable XFMs across various domains.

The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of XFMs. The program will consist of invited talks by leading experts in the field, as well as contributed talks and poster sessions featuring the latest research. In addition, the workshop will also organize a challenge on adversarial attacking foundation models.

We believe this workshop will provide a unique opportunity for researchers and practitioners to exchange ideas, share latest developments, and collaborate on addressing the challenges associated with the robustness and security of foundation models. We expect that the workshop will generate insights and discussions that will help advance the field of adversarial machine learning and contribute to the development of more secure and robust foundation models for computer vision applications.


Tentative Important Dates

Timeline (Tentative)

Workshop Schedule
Event Start time End time
Opening Remarks 8:30 8:40
Challenge Session 8:40 9:00
Invited talk #1: Prof. Chao Shen 9:00 9:20
Invited talk #2: Prof. Florian Tramer 9:20 9:40
Invited talk #3: Prof. Alfred Chen 9:40 10:00
Invited Talk #4: Prof. Bo Han 10:00 10:20
Invited Talk #5: Prof. Chaowei Xiao 10:20 10:40
Invited Talk #6: Prof. Vishal M Patel 10:40 11:00
Invited Talk #7: Prof. Jing Shao 11:00 11:20
Poster Session #1 11:00 12:30
Lunch (12:30-13:30)

Proposed Speakers
Chao
Shen

Xi'an Jiaotong University

Florian
Tramer

ETH Zurich

Alfred
Chen

University of California, Irvine

Bo
Han

Hong Kong Baptist University


Chaowei
Xiao

University of Wisconsin, Madison


Vishal
M Patel

Johns Hopkins University


Jing
Shao

Shanghai AI Laboratory


Stay
Tuned

Stay Tuned

Organizers
Tianyuan
Zhang

Beihang
University
Siyang
Wu

Zhongguancun
Laboratory
Aishan
Liu

Beihang
University
Jiakai
Wang

Zhongguancun
Laboratory
Siyuan
Liang

National University
of Singapore
Felix
Juefei-Xu

GenAI at Meta
Qing
Guo

A*STAR
Xinyun
Chen

Google Brain
Yew-Soon
Ong

Nanyang Technological
University
Xianglong
Liu

Beihang
University
Dawn
Song

UC Berkeley
Alan
Yuille

Johns Hopkins
University
Philip
H.S. Torr

Oxford
University
Dacheng
Tao

Nanyang Technological
University

Call for Papers

Foundation models (FMs) have demonstrated powerful generative capabilities, revolutionizing a wide range of applications in various domains including computer vision. Building upon this success, X-domain-specific foundation models (XFMs, e.g., Autonomous Driving FMs, Medical FMs) further enhance performance in specialized tasks within their respective fields by training on a curated dataset that emphasizes domain-specific knowledge and making architectural modifications specific to the task. Alongside their potential benefits, the increasing reliance on XFMs has also exposed their vulnerabilities to adversarial attacks.The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of XFMs. We welcome research contributions related to the following (but not limited to) topics:
  • Robustness of X-domain-specific foundation models
  • Adversarial attacks on computer vision tasks
  • Improving the robustness of deep learning systems
  • Interpreting and understanding model robustness, especially foundation models
  • Adversarial attacks for social good
  • Dataset and benchmark that could evaluate foundation model robustness
Format: Submissions papers (.pdf format) must use the CVPR 2025 Author Kit for LaTeX/Word Zip file and be anonymized and follow CVPR 2025 author instructions. The workshop considers two types of submissions: (1) Long Paper: Papers are limited to 8 pages excluding references; (2) Extended Abstract: Papers are limited to 4 pages including references. Accepted papers have the option to be included in the CVF and IEEE Xplore Proceedings.

Submission Site: https://openreview.net/group?id=thecvf.com/CVPR/2025/Workshop/Advml
Submission Due (both Paper and Supplementary Material): !!!Time Delay March 25, 2025, 11:59 PM (UTC±0)


Challenge

With the widespread application of Multimodal Large Language Models (MLLMs) globally, their security and robustness have become a focal point of academic and industrial attention. In order to delve deeper into the potential risks of these models and enhance their security in practical applications, we are launching this global red team security challenge.
This challenge aims to invite developers, researchers, and enthusiasts worldwide to design and submit image-text pairs that can trigger harmful, inappropriate, or illegal content generation by multimodal large language models from a "red team" perspective. Through this process, we hope to expose vulnerabilities in the models, drive innovation in security technology, and provide essential directions for future model development.
The competition consists of two stages. In Phase I, the organizers will provide harmful text prompts in various risk categories, and participants must design corresponding adversarial image-text pairs to induce security risks in MLLMs. In Phase II, the organizers will present more challenging harmful text prompts in different risk categories, with participants aiming for similar objectives as in the preliminary round. Ultimately, teams will be evaluated based on the success rate of attacks using the final round image-text pairs to determine the winning teams.
The challenge is now open, and participants can register and access detailed information at the following link:
Challenge Site: https://challenge.aisafety.org.cn/#/competitionDetail?id=19

Timeline

Challenge Timeline
Mar 24, 2025 Competition starts
Mar 26, 2025 Phase 1 starts
April 16, 2025 Phase 1 ends
April 21, 2025 Phase 2 starts
May 11, 2025 Phase 2 ends
May 30, 2025 Results will be released and participants will be selected to present
June 2025 Awards and presentation

Challenge Chair
Siyang
Wu

Zhongguancun
Laboratory
Zonglei
Jing

Beihang
University
Zonghao
Ying

Beihang
University
Hainan
Li

Data Space
Research Institute
Zhilei
Zhu

Data Space
Research Institute
Haotong
Qin

ETH
Zurich
Yue
Yu

Pengcheng
Laboratory
Lei
Chen

Tsinghua
University
Xianglong
Liu

Beihang
University

Sponsors

logo-img
logo-img
logo-img


logo-img
logo-img
logo-img

Program Committee

  • Akshayvarun Subramanya (UMBC)
  • Alexander Robey (UPenn)
  • Ali Shahin Shamsabadi (QMUL)
  • Angtian Wang (JHU)
  • Aniruddha Saha (UMBC)
  • Anshuman Suri (UVA)
  • Bernhard Egger (MIT)
  • Chenglin Yang (JHU)
  • Chirag Agarwal (Harvard)
  • Gaurang Sriramanan (IISc)
  • Jiachen Sun (MSU)
  • Jieru Mei (JHU)
  • Jun Guo (BUAA)
  • Ju He (JHU)
  • Kibok Lee (MSU)
  • Lifeng Huang (SYSU)
  • Maura Pintor (University of Cagliari)
  • Muhammad Awais (QMUL and BetterData)
  • Muzammal Naseer (ANU)
  • Nataniel Ruiz (BU)
  • Qihang Yu (JHU)
  • Qing Jin (NEU)
  • Rajkumar Theagarajan (UCR)
  • Ruihao Gong (SenseTime)
  • Shiyu Tang (BUAA)
  • Shunchang liu (BUAA)
  • Sravanti Addepalli (IISc)
  • Tianlin Li (NTU)
  • Wenxiao Wang (THU)
  • Hang Yu (BUAA)
  • Won Park (MSU)
  • Xiangning Chen (UCLA)
  • Xiaohui Zeng (U of T)
  • Xingjun Ma (DKU)
  • Xinwei Zhao (DU)
  • Yulong Cao (MSU)
  • Yutong Bai (JHU)
  • Zihao Xiao (JHU)
  • Zixin Yin (BUAA)
  • Jin Hu (BUAA)
  • Haojie Hao (BUAA)
  • Zhengquan Sun (BUAA)