This work addresses a critical security vulnerability in vision-language-action (VLA) models used in safety-critical robotic applications, where action chunking and pose-delta representations introduce an internal visual open-loop flaw that renders them susceptible to stealthy backdoor attacks. The authors propose SilentDrift, a black-box backdoor attack that, for the first time, exposes the security risks inherent in action chunking mechanisms. By leveraging a Smootherstep function to generate C²-continuous perturbations and selectively poisoning data during critical approach phases, SilentDrift ensures both kinematic consistency and high stealth. Evaluated on the LIBERO benchmark, the attack achieves a 93.2% success rate with a poisoning rate below 2%, while preserving a 95.3% success rate on clean tasks—producing adversarial trajectories visually indistinguishable from normal behavior.

Vision-Language-Action (VLA) models are increasingly deployed in safety-critical robotic applications, yet their security vulnerabilities remain underexplored. We identify a fundamental security flaw in modern VLA systems: the combination of action chunking and delta pose representations creates an intra-chunk visual open-loop. This mechanism forces the robot to execute K-step action sequences, allowing per-step perturbations to accumulate through integration. We propose SILENTDRIFT, a stealthy black-box backdoor attack exploiting this vulnerability. Our method employs the Smootherstep function to construct perturbations with guaranteed C2 continuity, ensuring zero velocity and acceleration at trajectory boundaries to satisfy strict kinematic consistency constraints. Furthermore, our keyframe attack strategy selectively poisons only the critical approach phase, maximizing impact while minimizing trigger exposure. The resulting poisoned trajectories are visually indistinguishable from successful demonstrations. Evaluated on the LIBERO, SILENTDRIFT achieves a 93.2% Attack Success Rate with a poisoning rate under 2%, while maintaining a 95.3% Clean Task Success Rate.