🤖 AI Summary
This work addresses the previously underexplored adversarial vulnerability of feed-forward 3D Gaussian Splatting (3DGS) models in practical applications. It presents the first systematic investigation into their robustness, introducing a white-box gradient-based attack and two efficient black-box attack strategies. The black-box strategies inject imperceptible perturbations in pixel space through a frequency-domain parameterization, combined with either gradient estimation or gradient-free optimization, and require no access to internal model parameters. Experimental results across multiple datasets demonstrate that the proposed methods significantly degrade 3D reconstruction quality, thereby exposing critical security risks inherent in 3DGS pipelines and establishing a foundational benchmark for future research on robustness enhancement.
📝 Abstract
3D Gaussian Splatting (3DGS) is increasingly recognized as a powerful paradigm for real-time, high-fidelity 3D reconstruction. However, its per-scene optimization pipeline limits scalability and generalization, and prevents efficient inference. Recently emerged feed-forward 3DGS models address these limitations by enabling fast reconstruction from a few input views after large-scale pretraining, without scene-specific optimization. Despite their advantages and strong potential for commercial deployment, the use of neural networks as the backbone also amplifies the risk of adversarial manipulation. In this paper, we introduce AdvSplat, the first systematic study of adversarial attacks on feed-forward 3DGS. We first employ white-box attacks to reveal fundamental vulnerabilities of this model family. We then develop two improved, practically relevant, query-efficient black-box algorithms that optimize pixel-space perturbations via a frequency-domain parameterization: one based on gradient estimation and the other gradient-free, without requiring any access to model internals. Extensive experiments across multiple datasets demonstrate that AdvSplat can significantly disrupt reconstruction results by injecting imperceptible perturbations into the input images. Our findings surface an overlooked yet urgent problem in this domain, and we hope to draw the community's attention to this emerging security and robustness challenge.