SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models

TL;DR

This paper introduces SafeGenes, a framework for evaluating the adversarial robustness of genomic foundation models, revealing significant vulnerabilities through targeted attack methods that compromise model reliability.

Contribution

SafeGenes is the first comprehensive framework to assess adversarial vulnerabilities of GFMs using novel attack techniques like FGSM and soft prompt attacks.

Findings

Targeted soft prompt attacks severely degrade model performance.

Even high-capacity models like ESM1b are vulnerable to adversarial manipulation.

The study highlights critical security gaps in current genomic foundation models.

Abstract

Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose SafeGenes: a framework for Secure analysis of genomic foundation models, leveraging adversarial attacks to evaluate robustness against both engineered near-identical adversarial Genes and embedding-space manipulations. In this study, we assess the adversarial vulnerabilities of GFMs using two approaches: the Fast Gradient Sign Method (FGSM) and a soft prompt attack. FGSM introduces minimal perturbations to input sequences, while the soft prompt attack optimizes continuous embeddings to manipulate model predictions without modifying the input tokens. By combining these techniques, SafeGenes provides a comprehensive assessment of GFM susceptibility to adversarial manipulation. Targeted soft prompt attacks induced severe degradation in MLM-based shallow architectures such as ProteinBERT, while still producing substantial failure modes even in high-capacity foundation models such as ESM1b and ESM1v. These findings expose critical vulnerabilities in current foundation models, opening new research directions toward improving their security and robustness in high-stakes genomic applications such as variant effect prediction.