This paper identifies, for the first time, a novel adversarial vulnerability in 3D Gaussian Splatting (3DGS) for safety-critical applications: its view-dependent Gaussian appearance can be maliciously exploited to embed stealthy adversarial content visible only from specific viewpoints; crucially, such attacks require no access to training data and directly perturb 3D Gaussian parameters—enabling both white-box and black-box compatible exploitation. To address this, we propose two novel attack methods: CLOAK (View-Modeling–based Appearance Deception) and DAGGER (Gradient-based Parameter Perturbation), both optimized via Projected Gradient Descent (PGD). We evaluate them against multi-stage detectors including Faster R-CNN. Experiments on real-world 3DGS reconstructions demonstrate that both attacks increase object detection miss rates by over 70%, providing the first systematic empirical evidence of substantial security risks posed by 3DGS in autonomous driving and other safety-critical domains.

With 3D Gaussian Splatting (3DGS) being increasingly used in safety-critical applications, how can an adversary manipulate the scene to cause harm? We introduce CLOAK, the first attack that leverages view-dependent Gaussian appearances - colors and textures that change with viewing angle - to embed adversarial content visible only from specific viewpoints. We further demonstrate DAGGER, a targeted adversarial attack directly perturbing 3D Gaussians without access to underlying training data, deceiving multi-stage object detectors e.g., Faster R-CNN, through established methods such as projected gradient descent. These attacks highlight underexplored vulnerabilities in 3DGS, introducing a new potential threat to robotic learning for autonomous navigation and other safety-critical 3DGS applications.