As developers integrating foundation models into production pipelines, we face a growing anxiety: the very generative power that makes these tools useful also makes them fragile. When an autonomous vehicle or medical diagnostic system is pushed by adversarial inputs, it’s not just a bug—it’s a safety failure. The upcoming CVPR 2025 Workshop on Adversarial Machine Learning tackles this head-on with its “Foundation Models + X” theme, focusing on how domain-specific applications (XFM) can remain robust against these threats.
I read the call for papers from the AdvML Team and followed the details for the 5th Workshop on Adversarial Machine Learning, co-organized by Beihang University, Zhongguancun Laboratory, and Nanyang Technological University. The event is part of the IEEE/CVF International Conference on Computer Vision and Pattern Recognition (CVPR), a top-tier academic conference in artificial intelligence, taking place from June 11 to June 15, 2025, in Tennessee, USA.

Thematic Focus: Foundation Models + X
The workshop centers on the intersection of powerful generative foundation models (FM) and their specialized, domain-specific variants (XFM). While FMs have revolutionized fields like computer vision, XFMs—such as those for autonomous driving or medical diagnosis—are built through curated datasets and architecture modifications to handle professional tasks. However, as these applications expand, they become increasingly vulnerable to adversarial attacks. These attacks can cause incorrect classifications of inputs or force the model to generate outputs desired by adversaries, posing significant risks to safety-critical systems.
I think robustness isn’t optional for safety-critical AI; it’s a baseline requirement. I want to see benchmarks that test real-world adversarial scenarios, not just lab metrics. As a builder, I find that domain-specific fine-tuning often introduces new vulnerabilities we need to understand better.
Call for Papers
The workshop invites submissions on topics including but not limited to:
- Robustness of X-domain-specific foundation models
- Adversarial attacks on computer vision tasks
- Improving the robustness of deep learning systems
- Interpreting and understanding model robustness, especially foundation models
- Adversarial attacks for social good
- Datasets and benchmarks that evaluate foundation model robustness
A Best Workshop Paper Award has been established for this track.
Important Dates
- Paper Submission Opens: February 1, 2025
- Abstract Submission Deadline: March 15, 2025
- Full Paper Submission Deadline: March 20, 2025
- Notification of Acceptance: March 31, 2025
- Final Version Submission: April 7, 2025
Keynote Speakers

More speakers are expected to be announced soon.
Organizing Committee

Program Committee

The Red Team Challenge
Beyond the academic papers, this workshop is launching a competition that targets the fragile edges of Multimodal Large Language Models (MLLMs). As an editor who spends time thinking about how these models fail in production, I find the focus on adversarial attacks particularly relevant. The goal isn’t just to break things for fun; it’s to expose vulnerabilities by designing image-text pairs that trigger harmful, inappropriate, or illegal outputs from a “red team” perspective.
The competition is structured in two distinct stages: preliminary and final rounds. In the preliminary phase, organizers provide specific harmful text queries across various risk categories. Participants must then craft corresponding adversarial images to induce safety-risk outputs. The final round ramps up the difficulty with more complex harmful text queries, aiming for the same objective but under tougher conditions.
Personally, I believe red teaming MLLMs is no longer optional; it’s a requirement for safe deployment. I think visual prompts are becoming just as dangerous as textual jailbreaks in production systems. As a builder, I think we need standardized benchmarks for multimodal safety, not just ad-hoc testing.
Success in this challenge will be measured strictly by attack success rates in the final round. Winning teams will be determined based on these metrics, highlighting the tangible impact of their adversarial strategies. This process aims to drive innovation in security technologies and provide concrete directions for improving future model development.
Detailed competition information will be announced later on the workshop website. Researchers worldwide are encouraged to stay tuned and to participate if they are interested in pushing the boundaries of model robustness.
Challenge Chair:

Competition Organizers and Co-organizers:

The 5th CVPR Workshop on Adversarial Machine Learning
https://cvpr25-advml.github.io/
Paper Submission Portal: https://openreview.net/group?id=thecvf.com/CVPR/2025/Workshop/Advml