Physical Adversarial Examples
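12 Milliseconds Expose a Fatal Flaw in Autonomous Driving: New Beihang University Research Achieves Scene-Aware Dynamic Physical Adversarial Attacks | TPAMI 2025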
量子位 · 2025-12-28 03:06
Core Viewpoint
- The approval of L3 autonomous driving vehicles by the Ministry of Industry and Information Technology marks a new phase in China's autonomous driving industry, but the emergence of physical adversarial examples (PAE) poses significant safety risks for these systems [1][2].

Group 1: DynamicPAE Framework
- The DynamicPAE framework has been developed to address the challenges of real-time generation of physical adversarial examples, achieving millisecond-level generation in dynamic environments [4][5].
- This framework combines feedback issues in adversarial training with residual-guided adversarial pattern exploration and scene alignment techniques, enhancing the efficiency and optimization of PAE generation [5][6].

Group 2: Challenges in Adversarial Sample Generation
- Two core challenges in adversarial sample generation are identified: noise in adversarial training hinders effective exploration of scene-related PAEs, leading to training degradation, and the difficulty in aligning digital adversarial samples with real-world scenarios [6][7].
- The DynamicPAE framework effectively addresses these challenges through innovative design, ensuring stable PAE generation that adapts in real-time to various environments [6][7].

Group 3: Performance and Application
- The DynamicPAE framework demonstrates significant performance improvements in various physical attack scenarios, showcasing its potential applications in real-world autonomous driving safety tests and physical adversarial attacks [7].
- Experimental results indicate that DynamicPAE achieves an average inference time of only 12 milliseconds per adversarial sample on an NVIDIA A40 GPU, representing a speed increase of over 2000 times compared to traditional methods [26][27].

Group 4: Experimental Validation
- In experiments using the COCO and Inria datasets, DynamicPAE achieved a 58.8% drop in average precision (AP) for strong models like DETR, resulting in a 2.07 times increase in attack success rate [25].
- The framework's adaptability to dynamic physical environments was validated through tests involving lighting changes and varying perspectives, demonstrating its robustness and effectiveness in maintaining attack efficacy [34].