Textbook of AI

Abstract. Introduces the Carlini-Wagner (C&W) attack, an optimisation-based adversarial attack that minimises perturbation $\ell_p$ norm subject to misclassification. Replaces the hard misclassification constraint with a smooth surrogate based on the logit gap and tunes a careful optimiser schedule. The C&W attack consistently produced smaller perturbations than the FGSM and PGD baselines of the time and exposed numerous "broken" defences that had only worked because the evaluators had used weaker attacks. C&W is the standard reference white-box attack in the adversarial-robustness literature.