AED: Automatic Discovery of Effective and Diverse Vulnerabilities for Autonomous Driving Policy with Large Language Models

TL;DR

The paper tackles safety evaluation for autonomous driving by automatically uncovering vulnerabilities that are both effective and diverse. It introduces AED, an LLM-guided framework that designs RL rewards, generates a wide range of accident scenarios in parallel, and applies preference-based learning to filter ineffective events. Empirical results in Highway and Roundabout settings show AED achieves higher vulnerability diversity and attack success rates than expert-crafted rewards and prior baselines. By reducing manual reward engineering and improving interpretability, AED enhances the comprehensiveness of AV safety evaluation and generalizes across policies and scenarios.

Abstract

Assessing the safety of autonomous driving policy is of great importance, and reinforcement learning (RL) has emerged as a powerful method for discovering critical vulnerabilities in driving policies. However, existing RL-based approaches often struggle to identify vulnerabilities that are both effective-meaning the autonomous vehicle is genuinely responsible for the accidents-and diverse-meaning they span various failure types. To address these challenges, we propose AED, a framework that uses large language models (LLMs) to automatically discover effective and diverse vulnerabilities in autonomous driving policies. We first utilize an LLM to automatically design reward functions for RL training. Then we let the LLM consider a diverse set of accident types and train adversarial policies for different accident types in parallel. Finally, we use preference-based learning to filter ineffective accidents and enhance the effectiveness of each vulnerability. Experiments across multiple simulated traffic scenarios and tested policies show that AED uncovers a broader range of vulnerabilities and achieves higher attack success rates compared with expert-designed rewards, thereby reducing the need for manual reward engineering and improving the diversity and effectiveness of vulnerability discovery. The implementation can be found on: https://github.com/thu-nics/AED .

Figures (11)

• Figure 1: Illustration of effective and diverse vulnerabilities. An effective vulnerability is an accident that is caused by the false decision-making of the tested policy. Diverse vulnerabilities refer to different accident types that are consistent with human understanding and regulations.
• Figure 2: Overview of our proposed AED framework that uses large language models (LLMs) to automatically discover effective and diverse vulnerabilities in autonomous driving policies. Our framework first utilizes an LLM to automatically design reward for vulnerability discovery. Then we use the LLM to consider different accident types and generate a diverse set of accidents in parallel. Finally, we use preference-based learning to enhance the effectiveness of each accident type. Combining the three components leads to our framework for automatic, effective, and diverse vulnerability discovery.
• Figure 3: Demonstration of "Highway" and "Roundabout".
• Figure 4: Examples of distinct vulnerability types discovered by AED. Adv. is abbreviation for "adversarial".
• Figure 5: Number of vulnerability types discovered across different environments, tested policies, and numbers of adversarial vehicle agents. Each line represents the cumulative number over six training iterations, where the first discovered type is counted as 1, and subsequent new types are weighted by their relevant frequency among effective failures. AED consistently discovers more diverse vulnerabilities than VDARS.