English

Comparative Analysis of Patch Attack on VLM-Based Autonomous Driving Architectures

Computer Vision and Pattern Recognition 2026-03-11 v1

Abstract

Vision-language models are emerging for autonomous driving, yet their robustness to physical adversarial attacks remains unexplored. This paper presents a systematic framework for comparative adversarial evaluation across three VLM architectures: Dolphins, OmniDrive (Omni-L), and LeapVAD. Using black-box optimization with semantic homogenization for fair comparison, we evaluate physically realizable patch attacks in CARLA simulation. Results reveal severe vulnerabilities across all architectures, sustained multi-frame failures, and critical object detection degradation. Our analysis exposes distinct architectural vulnerability patterns, demonstrating that current VLM designs inadequately address adversarial threats in safety-critical autonomous driving applications.

Keywords

Cite

@article{arxiv.2603.08897,
  title  = {Comparative Analysis of Patch Attack on VLM-Based Autonomous Driving Architectures},
  author = {David Fernandez and Pedram MohajerAnsari and Amir Salarpour and Long Cheng and Abolfazl Razi and Mert D. Pesé},
  journal= {arXiv preprint arXiv:2603.08897},
  year   = {2026}
}

Comments

Accepted at the 2025 IEEE Intelligent Vehicles Symposium (IV 2025)

R2 v1 2026-07-01T11:11:08.499Z