🤖 AI Summary
This work addresses the vulnerability of vision-language-action (VLA) models to backdoor attacks targeting the visual pathway, where gradient interference renders traditional attack paradigms ineffective. To overcome this obstacle, the authors propose the Adaptive Threat-Aware Adversarial Tuning (ATAAT) framework, which employs a threat-method adaptive mapping mechanism to select the optimal gradient decoupling strategy based on the adversary's capabilities. ATAAT handles complex semantic-level triggers and, for the first time, achieves implicit decoupled attacks in data poisoning scenarios, circumventing the gradient interference bottleneck. By integrating adaptive gradient decoupling with end-to-end adversarial tuning, the framework achieves a targeted attack success rate above 80% with only a 5% poisoning ratio, substantially enhancing both attack stealthiness and efficacy. This study thus exposes critical security weaknesses in VLA models under realistic threat scenarios.
📝 Abstract
Addressing the escalating security vulnerabilities in Vision-Language-Action (VLA) models, this study investigates backdoor attacks targeting the visual pathway. We identify a core obstacle causing the failure of traditional attack paradigms: "Gradient Interference." This phenomenon represents an optimization failure triggered by conflicting strategies during end-to-end training. To resolve this, we propose an Adaptive Threat-Aware Adversarial Tuning (ATAAT) framework. Through its core "Threat-Method Adaptive Mapping" mechanism, ATAAT intelligently selects the optimal gradient decoupling strategy based on the adversary's capabilities. Extensive experiments demonstrate that ATAAT exhibits significant advantages, achieving a highly robust Targeted Attack Success Rate (TASR > 80%) while maintaining extreme stealthiness with merely a 5% poisoning rate. It efficiently handles complex semantic-level triggers and achieves implicit decoupled attacks in data poisoning scenarios for the first time. This work reveals a critical security vulnerability in VLAs and provides theoretical and methodological support for future defense architectures.