Result: adverSCarial: a toolkit for exposing classifier vulnerabilities in single-cell transcriptomics

Adversarial attacks pose a significant risk to machine learning (ML) tools designed forclassifying single-cell RNA-sequencing (scRNA-seq) data, with potential implications forbiomedical research and future clinical applications. We present adverSCarial, a novel Rpackage that evaluates the vulnerability of scRNA-seq classifiers to various adversarialperturbations, ranging from barely detectable, subtle changes in gene expression to large-scale modifications. We demonstrate how five representative classifiers spanning marker-based, hierarchical, support vector machine, random forest, and neural network algorithms,respond to these attacks on four hallmarks scRNA-seq datasets. Our findings reveal that allclassifiers eventually fail under different amplitudes of perturbations, which depend on theML algorithm they are based on and on the nature of the modifications. Beyond securityconcerns, adversarial attacks help uncover the inner decision-making mechanisms of theclassifiers. The various attack modes and customizable parameters proposed inadverSCarial are useful to identify which gene or set of genes is crucial for correctclassification and to highlight the genes that can be substantially altered without detection.These functionalities are critical for the development of more robust and interpretablemodels, a step toward integrating scRNA-seq classifiers into routine research and clinicalworkflows. The R package is freely available on Bioconductor(10.18129/B9.bioc.adverSCarial) and helps evaluate scRNA-seq-based ML modelsvulnerabilities in a computationally-cheap and time-efficient framework.