Manipulation Facing Threats: Evaluating Physical Vulnerabilities in End-to-End Vision Language Action Models

TL;DR

This paper evaluates the physical robustness of Vision Language Action Models (VLAMs) against threats like adversarial attacks and out-of-distribution inputs, highlighting vulnerabilities in robotic manipulation tasks.

Contribution

It introduces the Physical Vulnerability Evaluating Pipeline (PVEP) for comprehensive assessment of VLAMs' robustness to physical threats.

Findings

VLAMs show significant performance drops under adversarial attacks.

PVEP effectively identifies vulnerabilities in visual and physical robustness.

Analysis guides future improvements in safe robotic manipulation.

Abstract

Recently, driven by advancements in Multimodal Large Language Models (MLLMs), Vision Language Action Models (VLAMs) are being proposed to achieve better performance in open-vocabulary scenarios for robotic manipulation tasks. Since manipulation tasks involve direct interaction with the physical world, ensuring robustness and safety during the execution of this task is always a very critical issue. In this paper, by synthesizing current safety research on MLLMs and the specific application scenarios of the manipulation task in the physical world, we comprehensively evaluate VLAMs in the face of potential physical threats. Specifically, we propose the Physical Vulnerability Evaluating Pipeline (PVEP) that can incorporate as many visual modal physical threats as possible for evaluating the physical robustness of VLAMs. The physical threats in PVEP specifically include Out-of-Distribution, Typography-based Visual Prompt, and Adversarial Patch Attacks. By comparing the performance fluctuations of VLAMs before and after being attacked, we provide generalizable \textbf{\textit{Analyses}} of how VLAMs respond to different physical threats.