Adversarial artificial intelligence in radiology: Attacks, defenses, and future considerations - 22/05/25

Doi : 10.1016/j.diii.2025.05.006

Nicholas Dietrich ^a,^⁎ , Bo Gong ^b,^c, Michael N. Patlas ^b
^a Temerty Faculty of Medicine, University of Toronto, Toronto, ON M5S 1A8, Canada
^b Department of Medical Imaging, Temerty Faculty of Medicine, University of Toronto, Toronto, ON M5T 1W7, Canada
^c Department of Computer Science, University of Toronto, Toronto, ON M5S 2E4, Canada

^⁎Corresponding author.

Sous presse. Épreuves corrigées par l'auteur. Disponible en ligne depuis le Thursday 22 May 2025
Cet article a été publié dans un numéro de la revue, cliquez ici pour y accéder

Highlights

•	Radiology artificial intelligence systems are vulnerable to adversarial attacks that may be imperceptible to radiologists.
•	This review introduces adversarial attack techniques, clinical implications, and current defense strategies.
•	Future efforts should prioritize robust model training, lifecycle safeguards, and cross-disciplinary collaboration.

Le texte complet de cet article est disponible en PDF.

Abstract

Artificial intelligence (AI) is rapidly transforming radiology, with applications spanning disease detection, lesion segmentation, workflow optimization, and report generation. As these tools become more integrated into clinical practice, new concerns have emerged regarding their vulnerability to adversarial attacks. This review provides an in-depth overview of adversarial AI in radiology, a topic of growing relevance in both research and clinical domains. It begins by outlining the foundational concepts and model characteristics that make machine learning systems particularly susceptible to adversarial manipulation. A structured taxonomy of attack types is presented, including distinctions based on attacker knowledge, goals, timing, and computational frequency. The clinical implications of these attacks are then examined across key radiology tasks, with literature highlighting risks to disease classification, image segmentation and reconstruction, and report generation. Potential downstream consequences such as patient harm, operational disruption, and loss of trust are discussed. Current mitigation strategies are reviewed, spanning input-level defenses, model training modifications, and certified robustness approaches. In parallel, the role of broader lifecycle and safeguard strategies are considered. By consolidating current knowledge across technical and clinical domains, this review helps identify gaps, inform future research priorities, and guide the development of robust, trustworthy AI systems in radiology.

Le texte complet de cet article est disponible en PDF.

Keywords : Adversarial attacks, Artificial intelligence, Cybersecurity, Machine learning, Medical imaging

Abbreviations : AI, AUC, CT, DL, DNN, FGSM, LLM, ML, MRI, PGD