Evaluating the Impact of Adversarial Patch Attacks on YOLO Models and the Implications for Edge AI Security

Machine learning (ML) and deep learning methods have demonstrated exceptional performance in diverse domains, including computer vision, speech and face recognition, autonomous vehicles, the Internet of Things, and cybersecurity. Despite these advances, the vulnerability of ML systems to adversarial attacks, which introduce perturbations to fool classifiers and detectors, poses significant security challenges. As the artificial intelligence (AI) industry increasingly adopts edge computing, the security of AI models becomes critical. Edge devices, constrained by limited computational resources, must run smaller models to achieve comparable latency to cloud-based models on more powerful servers. This work evaluates the impact of adversarial attacks-malicious perturbations designed to degrade the accuracy and reliability of ML models-on recent YOLO detectors from the widely used Ultralytics framework. Specifically, we focus on adversarial patches-carefully crafted patterns overlaid on an image to mislead object detectors into ignoring or misclassifying objects. We create effective naturalistic adversarial patches for recent versions of the Ultralytics YOLO models (YOLOv5, YOLOv8, YOLOv9, and YOLOv10) by upgrading an existing state-of-the-art patch generation approach designed for an earlier YOLOv4 model. We evaluate the attacks on the INRIA and on the MPII datasets across multiple YOLO models. The experimental results demonstrate high effectiveness in object detection evasion in recent models. The results suggest that larger models are more robust to adversarial attacks than their smaller counterparts. We run inference experiments on edge AI devices to highlight the response time improvement achieved by using smaller models, albeit at a higher risk of attack.