Beyond Boundaries: A Comprehensive Survey of Transferable Attacks on AI Systems

📅 2023-11-20
🏛️ arXiv.org
📈 Citations: 3
Influential: 0
🤖 AI Summary
AI systems deployed in safety-critical applications are vulnerable to transferable adversarial attacks across models, domains, modalities, and even hardware platforms—posing severe threats to security and robustness. To address this, we propose the first unified four-dimensional modeling framework for transferable attacks, spanning data, process, model, and system levels, and covering multimodal inputs (images, text, graphs, audio, video) and high-stakes applications (autonomous driving, speech recognition, large language models—LLMs). We introduce a cyber-physical security–oriented cross-domain attack analysis framework, uncovering novel transferability risks in LLMs; construct the first comprehensive knowledge graph of transferable attacks, explicitly characterizing underlying mechanisms and boundary conditions; and synthesize six open research directions. Our work provides a systematic foundation for advancing AI robustness theory and principled defense design.
📝 Abstract
Artificial Intelligence (AI) systems such as autonomous vehicles, facial recognition, and speech recognition systems are increasingly integrated into our daily lives. However, despite their utility, these AI systems are vulnerable to a wide range of attacks such as adversarial, backdoor, data poisoning, membership inference, model inversion, and model stealing attacks. In particular, numerous attacks are designed to target a particular model or system, yet their effects can spread to additional targets, referred to as transferable attacks. Although considerable efforts have been directed toward developing transferable attacks, a holistic understanding of the advancements in transferable attacks remains elusive. In this paper, we comprehensively explore learning-based attacks from the perspective of transferability, particularly within the context of cyber-physical security. We delve into different domains -- the image, text, graph, audio, and video domains -- to highlight the ubiquitous and pervasive nature of transferable attacks. This paper categorizes and reviews the architecture of existing attacks from various viewpoints: data, process, model, and system. We further examine the implications of transferable attacks in practical scenarios such as autonomous driving, speech recognition, and large language models (LLMs). Additionally, we outline the potential research directions to encourage efforts in exploring the landscape of transferable attacks. This survey offers a holistic understanding of the prevailing transferable attacks and their impacts across different domains.
Problem

Research questions and friction points this paper is trying to address.

Surveying transferable attacks across seven AI threat categories
Introducing a unified taxonomy for adversarial transfer pathways
Reviewing methods to enhance attack transferability in AI systems
Innovation

Methods, ideas, or system contributions that make the work stand out.

Comprehensive review of seven transferable attack categories
Unified six-dimensional taxonomy for transfer pathways
Data augmentation and optimization for attack transferability
Guangjing Wang
SEIT Lab, Michigan State University, USA
Ce Zhou
SEIT Lab, Michigan State University, USA
Yuanda Wang
SEIT Lab, Michigan State University, USA
Bocheng Chen
SEIT Lab, Michigan State University, USA
Hanqing Guo
SEIT Lab, Michigan State University, USA
Qiben Yan
Computer Science and Engineering, Michigan State University
Research interests: Security and Privacy; Cyber-Physical Systems; AI Agent; Internet-of-Things; Smart Contract