This work systematically evaluates the adversarial robustness of time-series foundation models (TSFMs) under zero-shot forecasting, revealing their extreme vulnerability to minute input perturbations—causing catastrophic failures including trend reversal, temporal shift, and magnitude distortion. Methodologically, we conduct the first cross-domain empirical study of mainstream TSFMs (e.g., PatchTST, TimesNet) across seven standard benchmarks (ETT, Weather, Traffic, etc.), propose a robustness-enhancement pathway integrating structural sparsity constraints and multi-task pretraining, and establish a unified evaluation framework incorporating FGSM/PGD attacks, multi-model baselines, and multi-domain datasets. Our contributions include: (1) reproducible, standardized benchmarking protocols for TSFM adversarial robustness; (2) empirically validated architectural principles for robust design; and (3) actionable guidelines for secure deployment of TSFMs in safety-critical forecasting applications.

Time Series Foundation Models (TSFMs), which are pretrained on large-scale, cross-domain data and capable of zero-shot forecasting in new scenarios without further training, are increasingly adopted in real-world applications. However, as the zero-shot forecasting paradigm gets popular, a critical yet overlooked question emerges: Are TSFMs robust to adversarial input perturbations? Such perturbations could be exploited in man-in-the-middle attacks or data poisoning. To address this gap, we conduct a systematic investigation into the adversarial robustness of TSFMs. Our results show that even minimal perturbations can induce significant and controllable changes in forecast behaviors, including trend reversal, temporal drift, and amplitude shift, posing serious risks to TSFM-based services. Through experiments on representative TSFMs and multiple datasets, we reveal their consistent vulnerabilities and identify potential architectural designs, such as structural sparsity and multi-task pretraining, that may improve robustness. Our findings offer actionable guidance for designing more resilient forecasting systems and provide a critical assessment of the adversarial robustness of TSFMs.