Saved in:
Bibliographic Details
Main Authors: Liu, Jiashuai, Shang, Yingjia, Zhan, Yingkang, Zhang, Di, Niu, Yi, Wei, Dong, Wu, Xian, Gao, Zeyu, Li, Chen, Zheng, Yefeng
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.24141
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915313185980416
author Liu, Jiashuai
Shang, Yingjia
Zhan, Yingkang
Zhang, Di
Niu, Yi
Wei, Dong
Wu, Xian
Gao, Zeyu
Li, Chen
Zheng, Yefeng
author_facet Liu, Jiashuai
Shang, Yingjia
Zhan, Yingkang
Zhang, Di
Niu, Yi
Wei, Dong
Wu, Xian
Gao, Zeyu
Li, Chen
Zheng, Yefeng
contents With the widespread adoption of pathology foundation models in both research and clinical decision support systems, exploring their security has become a critical concern. However, despite their growing impact, the vulnerability of these models to adversarial attacks remains largely unexplored. In this work, we present the first systematic investigation into the security of pathology foundation models for whole slide image~(WSI) analysis against adversarial attacks. Specifically, we introduce the principle of \textit{local perturbation with global impact} and propose a label-free attack framework that operates without requiring access to downstream task labels. Under this attack framework, we revise four classical white-box attack methods and redefine the perturbation budget based on the characteristics of WSI. We conduct comprehensive experiments on three representative pathology foundation models across five datasets and six downstream tasks. Despite modifying only 0.1\% of patches per slide with imperceptible noise, our attack leads to downstream accuracy degradation that can reach up to 20\% in the worst cases. Furthermore, we analyze key factors that influence attack success, explore the relationship between patch-level vulnerability and semantic content, and conduct a preliminary investigation into potential defence strategies. These findings lay the groundwork for future research on the adversarial robustness and reliable deployment of pathology foundation models. Our code is publicly available at: https://github.com/Jiashuai-Liu-hmos/Attack-WSI-pathology-foundation-models.
format Preprint
id arxiv_https___arxiv_org_abs_2505_24141
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle The Butterfly Effect in Pathology: Exploring Security in Pathology Foundation Models
Liu, Jiashuai
Shang, Yingjia
Zhan, Yingkang
Zhang, Di
Niu, Yi
Wei, Dong
Wu, Xian
Gao, Zeyu
Li, Chen
Zheng, Yefeng
Computer Vision and Pattern Recognition
Artificial Intelligence
With the widespread adoption of pathology foundation models in both research and clinical decision support systems, exploring their security has become a critical concern. However, despite their growing impact, the vulnerability of these models to adversarial attacks remains largely unexplored. In this work, we present the first systematic investigation into the security of pathology foundation models for whole slide image~(WSI) analysis against adversarial attacks. Specifically, we introduce the principle of \textit{local perturbation with global impact} and propose a label-free attack framework that operates without requiring access to downstream task labels. Under this attack framework, we revise four classical white-box attack methods and redefine the perturbation budget based on the characteristics of WSI. We conduct comprehensive experiments on three representative pathology foundation models across five datasets and six downstream tasks. Despite modifying only 0.1\% of patches per slide with imperceptible noise, our attack leads to downstream accuracy degradation that can reach up to 20\% in the worst cases. Furthermore, we analyze key factors that influence attack success, explore the relationship between patch-level vulnerability and semantic content, and conduct a preliminary investigation into potential defence strategies. These findings lay the groundwork for future research on the adversarial robustness and reliable deployment of pathology foundation models. Our code is publicly available at: https://github.com/Jiashuai-Liu-hmos/Attack-WSI-pathology-foundation-models.
title The Butterfly Effect in Pathology: Exploring Security in Pathology Foundation Models
topic Computer Vision and Pattern Recognition
Artificial Intelligence
url https://arxiv.org/abs/2505.24141