Hugging Face's logo

IntelligenceLab
/
saber-attack-agent-action-inflation

Robotics
PEFT
Safetensors
saber
adversarial-attack
vla
lora
grpo
qwen2.5
libero
Model card Files
xet
 Community
saber-attack-agent-action-inflation / README.md
wuxiyang's picture
wuxiyang
Simplify model card: brief, clear LoRA description
0881e86 verified
preview code
|
raw
history blame contribute delete
2.4 kB
---
library_name: peft
base_model: Qwen/Qwen2.5-3B-Instruct
tags:
 - saber
 - adversarial-attack
 - vla
 - robotics
 - lora
 - grpo
 - qwen2.5
 - libero
license: bsd-3-clause
---
# SABER Attack Agent — Action Inflation
**LoRA adapter** (rank 8) for [`Qwen/Qwen2.5-3B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-3B-Instruct), trained with GRPO to generate adversarial instruction perturbations targeting inflating action sequences (victim VLA takes unnecessarily many steps).
Part of the **SABER** framework: **[Paper](https://arxiv.org/abs/2603.24935)** | **[GitHub](https://github.com/wuxiyang1996/SABER)**
## Details
| | |
|---|---|
| **Type** | LoRA adapter (`adapter_model.safetensors`) |
| **Base model** | [`Qwen/Qwen2.5-3B-Instruct`](https://huggingface.co/Qwen/Qwen2.5-3B-Instruct) |
| **Attack objective** | `action_inflation` |
| **Training** | Cold-start SFT → GRPO (step 50) on LIBERO |
| **LoRA config** | r=8, alpha=16, all attn + MLP projections |
| **Victim VLA (training)** | Pi0.5 (OpenPI) |
## Quick Start
```python
from peft import PeftModel
from transformers import AutoModelForCausalLM, AutoTokenizer
base = AutoModelForCausalLM.from_pretrained("Qwen/Qwen2.5-3B-Instruct", torch_dtype="bfloat16", device_map="auto")
tokenizer = AutoTokenizer.from_pretrained("Qwen/Qwen2.5-3B-Instruct")
model = PeftModel.from_pretrained(base, "IntelligenceLab/saber-attack-agent-action-inflation")
```
## Full Pipeline
For the complete attack pipeline (ReAct tool-calling, VLA rollouts, LIBERO evaluation):
```bash
git clone https://github.com/wuxiyang1996/SABER && cd SABER && bash install.sh
python eval_attack_vla.py \
 --victim openpi_pi05 \
 --objective action_inflation \
 --attack_gpus 2,3 --vla_gpu 0
```
See the [GitHub repo](https://github.com/wuxiyang1996/SABER) for training, evaluation, and cross-model transfer instructions.
## Citation
```bibtex
@misc{wu2026saber,
 title={SABER: A Stealthy Agentic Black-Box Attack Framework for Vision-Language-Action Models},
 author={Xiyang Wu and Guangyao Shi and Qingzi Wang and Zongxia Li and Amrit Singh Bedi and Dinesh Manocha},
 year={2026},
 eprint={2603.24935},
 archivePrefix={arXiv},
 primaryClass={cs.RO},
}
```
## License
BSD 3-Clause — see [https://github.com/wuxiyang1996/SABER/blob/main/LICENSE](https://github.com/wuxiyang1996/SABER/blob/main/LICENSE).