Hugging Face's logo

IntelligenceLab
/
saber-attack-agent-action-inflation

Robotics
PEFT
Safetensors
saber
adversarial-attack
vla
lora
grpo
qwen2.5
libero
Model card Files
xet
 Community
saber-attack-agent-action-inflation
File size: 2,399 Bytes
6950774
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0881e86
6950774
0881e86
6950774
0881e86
6950774
0881e86
 
 
 
 
 
 
 
6950774
0881e86
6950774
 
 
 
 
0881e86
6950774
0881e86
6950774
 
0881e86
6950774
0881e86
6950774
 
0881e86
6950774
 
 
 
0881e86
6950774
 
0881e86
6950774
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0881e86
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
---
library_name: peft
base_model: Qwen/Qwen2.5-3B-Instruct
tags:
  - saber
  - adversarial-attack
  - vla
  - robotics
  - lora
  - grpo
  - qwen2.5
  - libero
license: bsd-3-clause
---

# SABER Attack Agent — Action Inflation

**LoRA adapter** (rank 8) for [`Qwen/Qwen2.5-3B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-3B-Instruct), trained with GRPO to generate adversarial instruction perturbations targeting inflating action sequences (victim VLA takes unnecessarily many steps).

Part of the **SABER** framework: **[Paper](https://arxiv.org/abs/2603.24935)** | **[GitHub](https://github.com/wuxiyang1996/SABER)**

## Details

| | |
|---|---|
| **Type** | LoRA adapter (`adapter_model.safetensors`) |
| **Base model** | [`Qwen/Qwen2.5-3B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-3B-Instruct) |
| **Attack objective** | `action_inflation` |
| **Training** | Cold-start SFT → GRPO (step 50) on LIBERO |
| **LoRA config** | r=8, alpha=16, all attn + MLP projections |
| **Victim VLA (training)** | Pi0.5 (OpenPI) |

## Quick Start

```python
from peft import PeftModel
from transformers import AutoModelForCausalLM, AutoTokenizer

base = AutoModelForCausalLM.from_pretrained("Qwen/Qwen2.5-3B-Instruct", torch_dtype="bfloat16", device_map="auto")
tokenizer = AutoTokenizer.from_pretrained("Qwen/Qwen2.5-3B-Instruct")
model = PeftModel.from_pretrained(base, "IntelligenceLab/saber-attack-agent-action-inflation")
```

## Full Pipeline

For the complete attack pipeline (ReAct tool-calling, VLA rollouts, LIBERO evaluation):

```bash
git clone https://github.com/wuxiyang1996/SABER && cd SABER && bash install.sh

python eval_attack_vla.py \
    --victim openpi_pi05 \
    --objective action_inflation \
    --attack_gpus 2,3 --vla_gpu 0
```

See the [GitHub repo](https://github.com/wuxiyang1996/SABER) for training, evaluation, and cross-model transfer instructions.

## Citation

```bibtex
@misc{wu2026saber,
      title={SABER: A Stealthy Agentic Black-Box Attack Framework for Vision-Language-Action Models},
      author={Xiyang Wu and Guangyao Shi and Qingzi Wang and Zongxia Li and Amrit Singh Bedi and Dinesh Manocha},
      year={2026},
      eprint={2603.24935},
      archivePrefix={arXiv},
      primaryClass={cs.RO},
}
```

## License

BSD 3-Clause — see [https://github.com/wuxiyang1996/SABER/blob/main/LICENSE](https://github.com/wuxiyang1996/SABER/blob/main/LICENSE).