TRAP: Hijacking VLA CoT-Reasoning via Adversarial Patches
Researchers have developed a novel attack method called TRAP that exploits the Chain-of-Thought (CoT) reasoning in Vision-Language-Action (VLA) models. This attack uses adversarial patches, such as a tablecloth, to manipulate the model's reasoning process and hijack its actions, leading to unintended behaviors like misdelivering items. The method has been demonstrated effectively on various VLA models and even replicated in a real-world setting, highlighting critical security vulnerabilities in current VLA systems. AI
IMPACT Highlights critical security vulnerabilities in VLA models, necessitating research into defenses for CoT reasoning.