3D Gaussian Splat Vulnerabilities

TL;DR

This paper uncovers vulnerabilities in 3D Gaussian Splatting by introducing view-dependent adversarial attacks that can deceive object detectors, posing risks to safety-critical applications.

Contribution

It presents CLOAK and DAGGER, novel attack methods exploiting view-dependent properties and direct perturbations in 3D Gaussian Splatting, revealing new security vulnerabilities.

Findings

CLOAK can embed view-dependent adversarial content.

DAGGER effectively deceives multi-stage object detectors.

Vulnerabilities pose risks to autonomous navigation systems.

Abstract

With 3D Gaussian Splatting (3DGS) being increasingly used in safety-critical applications, how can an adversary manipulate the scene to cause harm? We introduce CLOAK, the first attack that leverages view-dependent Gaussian appearances - colors and textures that change with viewing angle - to embed adversarial content visible only from specific viewpoints. We further demonstrate DAGGER, a targeted adversarial attack directly perturbing 3D Gaussians without access to underlying training data, deceiving multi-stage object detectors e.g., Faster R-CNN, through established methods such as projected gradient descent. These attacks highlight underexplored vulnerabilities in 3DGS, introducing a new potential threat to robotic learning for autonomous navigation and other safety-critical 3DGS applications.