AdvSplat: Adversarial Attacks on Feed-Forward Gaussian Splatting Models

A research team led by Yiran Qiao has published AdvSplat, the first comprehensive investigation into the security vulnerabilities of feed-forward 3D Gaussian Splatting (3DGS) models. Unlike traditional 3DGS, which requires per-scene optimization, feed-forward models use neural networks to rapidly reconstruct 3D scenes from just a few images after large-scale pretraining. This makes them highly scalable and commercially attractive for applications like augmented reality and robotics. However, AdvSplat demonstrates that this neural network backbone introduces a critical weakness: susceptibility to adversarial attacks.

The researchers developed two practical, query-efficient black-box attack methods that work without any access to the model's internal parameters or gradients. Both algorithms optimize subtle pixel-space perturbations through a frequency-domain parameterization, making the changes nearly invisible to the human eye. Extensive testing across multiple datasets proved these attacks can severely degrade reconstruction quality, causing the model to output corrupted or nonsensical 3D geometry from sabotaged input images.

This work surfaces a previously overlooked but urgent security challenge for a technology poised for widespread commercial deployment. The findings suggest that as feed-forward 3DGS models move toward real-world applications in sensitive domains, robustness against adversarial manipulation must become a primary design consideration alongside speed and fidelity.