3D vision perception systems—deployed in safety-critical applications such as face recognition and autonomous driving—are vulnerable to adversarial attacks. Method: This paper proposes the first embodied active defense framework, departing from passive defenses reliant on predefined assumptions. It employs reinforcement learning to enable adaptive agent–3D-environment interaction, integrating prediction entropy minimization, multi-step objective optimization, and policy learning in non-differentiable environments—enabling efficient, gradient-free defense strategy exploration. Contribution/Results: Key innovations include uncertainty-driven reward shaping and joint optimization of multi-step policies. Experiments demonstrate substantial reductions in success rates across diverse adversarial attacks while preserving original task accuracy. The framework exhibits strong generalization to unseen and adaptive attacks, and its effectiveness is validated across multiple 3D vision tasks.

Adversarial attacks in 3D environments have emerged as a critical threat to the reliability of visual perception systems, particularly in safety-sensitive applications such as identity verification and autonomous driving. These attacks employ adversarial patches and 3D objects to manipulate deep neural network (DNN) predictions by exploiting vulnerabilities within complex scenes. Existing defense mechanisms, such as adversarial training and purification, primarily employ passive strategies to enhance robustness. However, these approaches often rely on pre-defined assumptions about adversarial tactics, limiting their adaptability in dynamic 3D settings. To address these challenges, we introduce Reinforced Embodied Active Defense (Rein-EAD), a proactive defense framework that leverages adaptive exploration and interaction with the environment to improve perception robustness in 3D adversarial contexts. By implementing a multi-step objective that balances immediate prediction accuracy with predictive entropy minimization, Rein-EAD optimizes defense strategies over a multi-step horizon. Additionally, Rein-EAD involves an uncertainty-oriented reward-shaping mechanism that facilitates efficient policy updates, thereby reducing computational overhead and supporting real-world applicability without the need for differentiable environments. Comprehensive experiments validate the effectiveness of Rein-EAD, demonstrating a substantial reduction in attack success rates while preserving standard accuracy across diverse tasks. Notably, Rein-EAD exhibits robust generalization to unseen and adaptive attacks, making it suitable for real-world complex tasks, including 3D object classification, face recognition and autonomous driving.