What is an adversarial example and how can an attacker exploit it in inference?

An adversarial example is an input that has been subtly perturbed in ways that are often imperceptible to humans but cause a model to misclassify it during inference. Attackers exploit this by feeding these crafted inputs to the deployed model, making it produce incorrect outputs, which can be used to bypass detectors, cause incorrect decisions, or degrade system performance. The other descriptions don’t capture this phenomenon: a normal data point that is classified correctly isn’t adversarial, adding noise to training data is about robustness during learning rather than at inference, and updating model parameters without validation describes a process risk rather than input manipulation at inference.