NeurIPS 2025 | Hit Exactly What You Aim At: A Controllable Adversarial Sample Generator Is Here!
机器之心 · 2025-12-15 08:10
Core Viewpoint
- The article introduces Dual-Flow, a novel adversarial attack generation framework developed by Tsinghua University and Ant Group. It generates effective adversarial samples without access to the target model's structure or gradients, which poses a significant challenge to AI security [2][5].

Group 1: Dual-Flow Framework
- Dual-Flow learns "universal perturbation patterns" from large image datasets, which lets it mount black-box attacks across different models and categories [2][5].
- The framework uses a "forward perturbation modeling - conditional backward optimization" dual-flow structure, achieving high transferability and high success rates for its adversarial samples while keeping the visual difference from the original image low [2][5][8].
- It acts as a "controllable adversarial sample generator": the user specifies the target image category, and the generator automatically produces realistic and effective attack images for it [2][5].

Group 2: Limitations of Traditional Methods
- Traditional methods fall into two families, each with a major limitation. Instance-specific attacks craft a perturbation for one image; they reach high success rates but cover only that single image and transfer poorly [6]. Instance-agnostic attacks produce perturbations that are not tied to one image, but their transferability is limited and their success rates drop when they must cover multiple models or categories [7][8].

Group 3: Innovations of Dual-Flow
- The core innovation of Dual-Flow is its forward and backward flow structure, which produces perturbations that are more natural, better concealed, and more structured than the pixel-level noise of traditional methods, while keeping high transferability [9][22].
- Dual-Flow's unified framework supports multi-target and instance-agnostic attacks at the same time: a single generator covers multiple categories and models, which significantly reduces cost and improves practicality [10][22].

Group 4: Experimental Results
- On the ImageNet NeurIPS validation set, Dual-Flow shows strong transferability in both single-target and multi-target attacks, with average success rates in the black-box setting significantly higher than those of traditional methods [17][18].
- Even against adversarially trained models, Dual-Flow keeps high success rates, which demonstrates its generality and attack capability in real-world scenarios [19][22].
- The technology has been integrated into Ant Group's identity security products, where it improves both adversarial sample generation and detection and thereby strengthens the defense system's robustness against adversarial samples [24].
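Group 2 and Group 4 hinge on one evaluation protocol: a targeted attack is optimised against a model the attacker can see (the white-box surrogate) and then scored by its targeted success rate on a model it never took gradients from (the black-box victim), once for perturbations crafted per image and once for a single perturbation shared by all images. The harness below is an added example, not code from the paper or from Ant Group, and it does not implement Dual-Flow's forward/backward flows; it only reproduces that protocol on constructed data so the two attack families and the white-box/black-box gap can be measured offline. The 16-dimensional, 4-class nearest-centroid classifiers, the input-rounding step on the victim, the L_inf budget of 1.5 and all sample sizes are assumptions chosen for the toy.

```python
"""Toy harness: instance-specific vs instance-agnostic targeted attacks, scored on a
white-box surrogate and a black-box victim. Added example, not the Dual-Flow method;
the linear classifier and the data are constructed so it runs without torch or numpy."""
import random

D, K = 16, 4  # input dimension and number of classes (assumed toy sizes)


def sign(v):
    return (v > 0) - (v < 0)


def make_centers(rng):
    # One prototype per class; inputs are noisy copies of their prototype (constructed data).
    return [[rng.uniform(-1, 1) for _ in range(D)] for _ in range(K)]


def sample(rng, centers, n, sigma=0.3):
    xs, ys = [], []
    for i in range(n):
        y = i % K
        xs.append([c + rng.gauss(0, sigma) for c in centers[y]])
        ys.append(y)
    return xs, ys


def quantize(x, step=0.5):
    # Input rounding on the victim (assumed defence): non-differentiable, so gradients through
    # the victim are unavailable and only transfer from the surrogate can succeed.
    return [round(v / step) * step for v in x]


class CentroidClassifier:
    """Nearest-centroid classifier, linear in x: score_k(x) = mu_k . x - |mu_k|^2 / 2."""

    def __init__(self, xs, ys, preprocess=lambda x: x):
        self.pre = preprocess
        self.mu = []
        for k in range(K):
            members = [self.pre(x) for x, y in zip(xs, ys) if y == k]
            self.mu.append([sum(col) / len(members) for col in zip(*members)])

    def scores(self, x):
        x = self.pre(x)
        return [sum(m * v for m, v in zip(mk, x)) - 0.5 * sum(m * m for m in mk) for mk in self.mu]

    def predict(self, x):
        s = self.scores(x)
        return max(range(K), key=s.__getitem__)

    def target_grad(self, x, t):
        """d/dx of the targeted margin score_t(x) - max_{j != t} score_j(x) = mu_t - mu_j*.
        Only the white-box surrogate is ever asked for this."""
        s = self.scores(x)
        j = max((j for j in range(K) if j != t), key=s.__getitem__)
        return [a - b for a, b in zip(self.mu[t], self.mu[j])]


def add(x, delta):
    return [a + b for a, b in zip(x, delta)]


def clip(delta, eps):
    return [max(-eps, min(eps, d)) for d in delta]


def instance_specific(model, xs, t, eps, steps=10):
    """One L_inf-bounded perturbation per input, optimised on `model` by iterative sign-gradient steps."""
    alpha = 2 * eps / steps
    out = []
    for x in xs:
        delta = [0.0] * D
        for _ in range(steps):
            g = model.target_grad(add(x, delta), t)
            delta = clip([d + alpha * sign(gi) for d, gi in zip(delta, g)], eps)
        out.append(delta)
    return out


def instance_agnostic(model, xs, t, eps, steps=10):
    """One perturbation shared by every input: the batch-summed gradient drives a single update."""
    alpha = 2 * eps / steps
    delta = [0.0] * D
    for _ in range(steps):
        acc = [0.0] * D
        for x in xs:
            acc = add(acc, model.target_grad(add(x, delta), t))
        delta = clip([d + alpha * sign(a) for d, a in zip(delta, acc)], eps)
    return delta


def targeted_success(model, xs, deltas, t):
    """Targeted attack success rate: share of perturbed inputs the model labels as class t."""
    return sum(model.predict(add(x, d)) == t for x, d in zip(xs, deltas)) / len(xs)


def accuracy(model, xs, ys):
    return sum(model.predict(x) == y for x, y in zip(xs, ys)) / len(xs)


def run_experiment(seed=0, eps=1.5, target=0):
    rng = random.Random(seed)
    centers = make_centers(rng)
    surrogate = CentroidClassifier(*sample(rng, centers, 200))                      # white-box
    victim = CentroidClassifier(*sample(rng, centers, 200), preprocess=quantize)    # black-box
    xs, ys = sample(rng, centers, 120)
    clean = {"surrogate": accuracy(surrogate, xs, ys), "victim": accuracy(victim, xs, ys)}
    xs = [x for x, y in zip(xs, ys) if y != target]  # inputs already of class t prove nothing
    per_input = instance_specific(surrogate, xs, target, eps)
    shared = [instance_agnostic(surrogate, xs, target, eps)] * len(xs)

    def report(deltas):
        return {"white_box": targeted_success(surrogate, xs, deltas, target),
                "black_box": targeted_success(victim, xs, deltas, target)}

    return {"clean_accuracy": clean,
            "instance_specific": report(per_input),
            "instance_agnostic": report(shared),
            "max_linf": max(abs(d) for delta in per_input + shared for d in delta)}


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value}")
```

The black-box column is the number Group 4 compares across methods: the attacker only ever differentiates the surrogate, and the victim is scored purely by its predictions. Dropping the budget (`eps`) or adding classes to the batch in `instance_agnostic` is the quickest way to see the instance-agnostic success rate fall away from the instance-specific one, which is the gap the article says Dual-Flow closes.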