Redirecting to original paper in 30 seconds...

Click below to go immediately or wait for automatic redirect

arxiv_ai 95% Match Research Paper AI Security Researchers,Embodied AI Developers,Robotics Engineers,AI Safety Researchers 4 days ago

Visual Backdoor Attacks on MLLM Embodied Decision Making via Contrastive Trigger Learning

ai-safety › robustness
📄 Abstract

Abstract: Multimodal large language models (MLLMs) have advanced embodied agents by enabling direct perception, reasoning, and planning task-oriented actions from visual inputs. However, such vision driven embodied agents open a new attack surface: visual backdoor attacks, where the agent behaves normally until a visual trigger appears in the scene, then persistently executes an attacker-specified multi-step policy. We introduce BEAT, the first framework to inject such visual backdoors into MLLM-based embodied agents using objects in the environments as triggers. Unlike textual triggers, object triggers exhibit wide variation across viewpoints and lighting, making them difficult to implant reliably. BEAT addresses this challenge by (1) constructing a training set that spans diverse scenes, tasks, and trigger placements to expose agents to trigger variability, and (2) introducing a two-stage training scheme that first applies supervised fine-tuning (SFT) and then our novel Contrastive Trigger Learning (CTL). CTL formulates trigger discrimination as preference learning between trigger-present and trigger-free inputs, explicitly sharpening the decision boundaries to ensure precise backdoor activation. Across various embodied agent benchmarks and MLLMs, BEAT achieves attack success rates up to 80%, while maintaining strong benign task performance, and generalizes reliably to out-of-distribution trigger placements. Notably, compared to naive SFT, CTL boosts backdoor activation accuracy up to 39% under limited backdoor data. These findings expose a critical yet unexplored security risk in MLLM-based embodied agents, underscoring the need for robust defenses before real-world deployment.
Authors (10)
Qiusi Zhan
Hyeonjeong Ha
Rui Yang
Sirui Xu
Hanyang Chen
Liang-Yan Gui
+4 more
Submitted
October 31, 2025
arXiv Category
cs.AI
arXiv PDF

Key Contributions

Introduces BEAT, the first framework to inject visual backdoors into MLLM-based embodied agents using objects as triggers. It addresses the challenge of trigger variability (viewpoints, lighting) by constructing a diverse training set and employing a novel two-stage training scheme (SFT + Contrastive Trigger Learning) to reliably implant these backdoors.

Business Value

Highlights critical security vulnerabilities in multimodal embodied AI systems, driving the development of more robust and secure AI agents for real-world applications like robotics and autonomous systems.

Paper Metadata

Innovation Type

Attack Framework

Deployment Feasibility

High (as an attack framework, demonstrating vulnerabilities)

Limitations Addressed

Addresses the difficulty of reliably implanting visual triggers in embodied agents due to variations in viewpoints and lighting conditions, and the lack of existing frameworks for such attacks.

Technical Tags

Visual Backdoor AttacksMultimodal Large Language Models (MLLMs)Embodied AgentsContrastive Trigger LearningObject TriggersSupervised Fine-Tuning (SFT)Trigger VariabilityAttack RobustnessAdversarial AttacksAI Security

Research Topics

AI SecurityRobustness of AI SystemsEmbodied AIMultimodal AIAdversarial Machine Learning

Methods & Architectures

BEAT frameworkContrastive Trigger LearningTwo-stage training scheme (SFT + Contrastive Trigger Learning)Using objects as triggersTraining set construction for trigger variability Multimodal Large Language Models (MLLMs)

Applications & Tasks

Embodied AI Robotics Autonomous Systems AI Security Adversarial AttacksModel RobustnessAI Security Vulnerabilities Injecting visual backdoors into MLLM-based embodied agentsEvaluating the security of embodied AI systemsDeveloping defenses against visual backdoor attacks

Related Fields

Artificial IntelligenceComputer VisionNatural Language ProcessingRoboticsAI SecurityMachine Learning

Keywords

Visual BackdoorMLLMEmbodied AgentsAI SecurityAdversarial AttacksRobustnessContrastive LearningObject TriggersAI SafetyRoboticsSFTTrigger Learning

Academic Context

#AI Security#Robustness of AI Systems#Embodied AI#Multimodal AI#Adversarial Machine Learning

Commercial Potential

Potential Products
AI security testing toolsRobustness evaluation frameworks
Target Industries
TechnologyRoboticsAutonomous VehiclesSecurity
Use Case Examples
Demonstrating how an attacker could manipulate a robot's behavior using visual triggersTesting the security of AI systems used in critical infrastructure
Competitive Edge
Presents the first framework for visual backdoor attacks on MLLM embodied agents, establishing a new threat model and research direction in AI security.
Market Opportunity
Growing market for AI security solutions and research.
Revenue Models
Research publicationssecurity consulting.

Resource Requirements

Compute Needs
Moderate to High (for training and attack simulation)
Data Requirements
Requires diverse datasets of scenes, objects, and agent behaviors.
Deployment Constraints
Ethical considerations regarding the use of attack frameworks.
Scalability
Scalability depends on the complexity of the MLLM and the embodied agent.

Production Readiness

Maturity Level

Research

Time to Market

N/A (research focus)

Patent Potential

Low (attack framework)

View Full Paper Back to Papers