The Butterfly Effect in Pathology: Exploring Security in Pathology Foundation Models
Journal:
arXiv
Published Date:
May 30, 2025
Abstract
With the widespread adoption of pathology foundation models in both research
and clinical decision support systems, exploring their security has become a
critical concern. However, despite their growing impact, the vulnerability of
these models to adversarial attacks remains largely unexplored. In this work,
we present the first systematic investigation into the security of pathology
foundation models for whole slide image~(WSI) analysis against adversarial
attacks. Specifically, we introduce the principle of \textit{local perturbation
with global impact} and propose a label-free attack framework that operates
without requiring access to downstream task labels. Under this attack
framework, we revise four classical white-box attack methods and redefine the
perturbation budget based on the characteristics of WSI. We conduct
comprehensive experiments on three representative pathology foundation models
across five datasets and six downstream tasks. Despite modifying only 0.1\% of
patches per slide with imperceptible noise, our attack leads to downstream
accuracy degradation that can reach up to 20\% in the worst cases. Furthermore,
we analyze key factors that influence attack success, explore the relationship
between patch-level vulnerability and semantic content, and conduct a
preliminary investigation into potential defence strategies. These findings lay
the groundwork for future research on the adversarial robustness and reliable
deployment of pathology foundation models. Our code is publicly available at:
https://github.com/Jiashuai-Liu-hmos/Attack-WSI-pathology-foundation-models.
