arXiv: Explainability-Aware Frustum Attack: Exposing Structural Vulnerabilities in LiDAR-Based 3D Object Detectors

This publication, released on 29 June 2026, presents a novel adversarial attack method called the Explainability-Aware Frustum Attack, which targets LiDAR-based 3D object detectors commonly used in autonomous vehicles and robotics. The research demonstrates how an attacker can exploit the explainability features of these AI systems to craft physical-world perturbations that cause the detector to misclassify or fail to detect objects, such as pedestrians or vehicles. This is not a regulatory publication but a technical paper that exposes a structural vulnerability in current AI safety mechanisms, directly relevant to the EU AI Act’s requirements for robustness and accuracy in high-risk AI systems.

Organizations most affected include automotive manufacturers, autonomous mobility service providers, and any sector deploying LiDAR-based perception systems, such as logistics, drones, and industrial robotics. Compliance teams in these sectors must treat this as a risk signal for their AI safety documentation and conformity assessments under the AI Act. The attack undermines the reliability of explainability tools, which are often used to demonstrate compliance with transparency and robustness obligations.

Compliance teams should immediately review their AI system’s vulnerability to adversarial perturbations, particularly if they rely on LiDAR data. They should update their risk management documentation to include this attack vector and assess whether their current testing and validation procedures cover such structural exploits. Engaging with technical teams to implement defensive measures, such as adversarial training or input sanitization, is strongly recommended. Finally, monitor the EU AI Office and relevant standards bodies for potential guidance on adversarial robustness testing for high-risk AI systems.