On the Robustness of Tabular Foundation Models: Test-Time Attacks and In-Context Defenses
Journal:
arXiv
Published Date:
Jun 3, 2025
Abstract
Recent tabular Foundational Models (FM) such as TabPFN and TabICL, leverage
in-context learning to achieve strong performance without gradient updates or
fine-tuning. However, their robustness to adversarial manipulation remains
largely unexplored. In this work, we present a comprehensive study of the
adversarial vulnerabilities of tabular FM, focusing on both their fragility to
targeted test-time attacks and their potential misuse as adversarial tools. We
show on three benchmarks in finance, cybersecurity and healthcare, that small,
structured perturbations to test inputs can significantly degrade prediction
accuracy, even when training context remain fixed. Additionally, we demonstrate
that tabular FM can be repurposed to generate transferable evasion to
conventional models such as random forests and XGBoost, and on a lesser extent
to deep tabular models. To improve tabular FM, we formulate the robustification
problem as an optimization of the weights (adversarial fine-tuning), or the
context (adversarial in-context learning). We introduce an in-context
adversarial training strategy that incrementally replaces the context with
adversarial perturbed instances, without updating model weights. Our approach
improves robustness across multiple tabular benchmarks. Together, these
findings position tabular FM as both a target and a source of adversarial
threats, highlighting the urgent need for robust training and evaluation
practices in this emerging paradigm.
