Toward Trustworthy AI: Multi-Target Adversarial Attacks and Robust Defenses for Continuous Data Summarization

📅 2026-06-10
🤖 AI Summary
This work addresses the vulnerability of continuous data summarization to adversarial perturbations, which compromises summary representativeness and degrades downstream task performance, thereby threatening the trustworthiness of AI systems. The paper introduces, for the first time, a multi-objective adversarial attack framework and a robust defense mechanism tailored to this setting. The attack is formulated as a min-max optimization problem, while the defense is cast as a regularized max-min game. Building on DR-submodular optimization and multilinear extensions, the authors develop approximation algorithms with theoretical guarantees. Experiments demonstrate that the proposed attack significantly undermines summary utility even under low-to-moderate perturbation budgets, whereas the defense effectively balances robustness and utility in structured scenarios, revealing the upstream impact of summarization on AI trustworthiness.
📝 Abstract
Trustworthy AI requires reliable data-processing pipelines, not only robust downstream predictive models. As an upstream component, data summarization determines which information is retained and passed to subsequent learning or decision modules. Therefore, adversarial perturbations to the summarization process can compromise trustworthy AI in an upstream manner: they may alter the selected summary, reduce its representativeness, and further degrade the utility of subsequent learning tasks. In this paper, we study adversarial attacks on continuous data summarization under similarity-level perturbations through DR-submodular optimization. We show that a class of multi-resolution image summarization objectives can be formulated as multilinear extensions of non-negative submodular set functions and satisfy DR-submodularity with $m$-weak monotonicity. We then formulate multi-target attack generation as a min-max problem, where one admissible perturbation of the similarity structure is optimized to degrade multiple target summarization models. To mitigate such perturbations, we formulate robust defense against mixed attack types as a regularized max-min problem. For both problems, we develop approximation algorithms with theoretical guarantees. Experiments on real-data and controlled clustered benchmarks show that the proposed attack is effective in representative low-to-moderate budget regimes and can induce downstream task-performance loss. The proposed defense improves the robustness–mitigation trade-off in structured settings, while also revealing the parameter sensitivity of robust protection on real data.
Problem

Research questions and friction points this paper is trying to address.

Trustworthy AI
Adversarial Attacks
Data Summarization
DR-submodularity
Robust Defense
Innovation

Methods, ideas, or system contributions that make the work stand out.

DR-submodular optimization
multi-target adversarial attacks
continuous data summarization
robust defense
min-max optimization