SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models

TMLR Paper5807 Authors

03 Sept 2025 (modified: 02 Dec 2025), Under review for TMLR, CC BY 4.0
Abstract: Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose \textbf{SafeGenes}: a framework for \underline{S}ecure \underline{a}nalysis of genomic \underline{f}oundation mod\underline{e}ls, leveraging adversarial attacks to evaluate robustness against both engineered near-identical adversarial \underline{Genes} and embedding-space manipulations. In this study, we assess the adversarial vulnerabilities of GFMs using two approaches: the Fast Gradient Sign Method (FGSM) and a soft prompt attack. FGSM introduces minimal perturbations to input sequences, while the soft prompt attack optimizes continuous embeddings to manipulate model predictions without modifying the input tokens. By combining these techniques, SafeGenes provides a comprehensive assessment of GFM susceptibility to adversarial manipulation. Targeted soft prompt attacks induced severe degradation in MLM‑based shallow architectures such as ProteinBERT, while still producing substantial failure modes even in high‑capacity foundation models such as ESM1b and ESM1v. These findings expose critical vulnerabilities in current foundation models, opening new research directions toward improving their security and robustness in high-stakes genomic applications such as variant effect prediction.
Submission Length: Long submission (more than 12 pages of main content)
Assigned Action Editor: ~Jean_Kossaifi1
Submission Number: 5807