SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models
This work addresses security concerns for researchers and practitioners using GFMs in high-stakes genomic applications such as variant effect prediction. It is incremental in that it applies existing adversarial techniques to a new domain.
The paper tackles adversarial robustness in Genomic Foundation Models (GFMs) by proposing SafeGenes, a framework that uses adversarial attacks to evaluate vulnerabilities. It finds that targeted soft prompt attacks caused substantial performance degradation in models like ESM1b and ESM1v.
Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose SafeGenes: a framework for Secure analysis of genomic foundation models, leveraging adversarial attacks to evaluate robustness against both engineered near-identical adversarial Genes and embedding-space manipulations. In this study, we assess the adversarial vulnerabilities of GFMs using two approaches: the Fast Gradient Sign Method (FGSM) and a soft prompt attack. FGSM introduces minimal perturbations to input sequences, while the soft prompt attack optimizes continuous embeddings to manipulate model predictions without modifying the input tokens. By combining these techniques, SafeGenes provides a comprehensive assessment of GFM susceptibility to adversarial manipulation. Targeted soft prompt attacks led to substantial performance degradation, even in large models such as ESM1b and ESM1v. These findings expose critical vulnerabilities in current foundation models, opening new research directions toward improving their security and robustness in high-stakes genomic applications such as variant effect prediction.
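The two robustness probes named in the abstract, as an added sketch that is not code from the SafeGenes paper. It assumes a constructed toy stand-in for a GFM (2-D residue embeddings, mean pooling, logistic head) and applies FGSM in embedding space; all names and weights are hypothetical.

```python
import math

# Constructed toy stand-in for a GFM: fixed 2-D residue embeddings, mean pooling,
# and a logistic head that outputs P(variant is pathogenic). Not ESM weights.
EMB = {"A": [0.2, -0.1], "G": [-0.3, 0.4], "L": [0.5, 0.1], "K": [-0.2, -0.6], "V": [0.4, 0.3]}
W, B = [1.5, -2.0], 0.1

def predict(vectors):
    """P(pathogenic) for a list of embedding vectors (soft prompt + residues)."""
    n = len(vectors)
    pooled = [sum(v[d] for v in vectors) / n for d in range(2)]
    z = sum(w * x for w, x in zip(W, pooled)) + B
    return 1.0 / (1.0 + math.exp(-z))

def embed(seq):
    return [list(EMB[r]) for r in seq]

def grad_per_vector(vectors, label):
    """d(BCE loss)/d(each vector); identical for every position under mean pooling."""
    p = predict(vectors)
    return [(p - label) * w / len(vectors) for w in W]

def fgsm(seq, label, eps):
    """Untargeted FGSM (assumed here to act on embeddings): one eps step along sign(grad)."""
    x = embed(seq)
    g = grad_per_vector(x, label)
    sign = [(gi > 0) - (gi < 0) for gi in g]
    return [[v[d] + eps * sign[d] for d in range(2)] for v in x]

def soft_prompt_attack(seq, target, steps=200, lr=0.5):
    """Targeted attack: learn one prepended vector; residue embeddings stay untouched."""
    x, prompt = embed(seq), [0.0, 0.0]
    for _ in range(steps):
        g = grad_per_vector([prompt] + x, target)
        prompt = [pi - lr * gi for pi, gi in zip(prompt, g)]
    return prompt, x

def robustness_report(seq, label, eps=0.1):
    clean = predict(embed(seq))
    after_fgsm = predict(fgsm(seq, label, eps))
    prompt, x = soft_prompt_attack(seq, target=1 - label)
    return {"clean": clean, "fgsm": after_fgsm, "soft_prompt": predict([prompt] + x),
            "tokens_unchanged": x == embed(seq)}

if __name__ == "__main__":
    print(robustness_report("AGLKV", label=1))
```

A robustness evaluation would compare the `clean` score against the two perturbed scores across a labelled variant set and track how often the predicted class changes.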