One codebase to fool them all: adversarial attacks across PyTorch, TF, and JAX
A Python library that runs gradient-based and decision-based adversarial attacks natively across three major ML frameworks without code duplication.

What it does
Foolbox is a Python library for generating adversarial examples against neural networks. You wrap your model, pick an attack (like LinfPGD), and run it. It supports PyTorch, TensorFlow, and JAX — the framework you already use, not the one it forces on you.
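
What an attack like LinfPGD computes, and the robust-accuracy number a benchmark reports from it, as an added stand-alone sketch in plain Python (not Foolbox's code or API). The three-class linear model, the sample batch and the step size of eps/4 are constructed assumptions.

```python
import math

# Constructed 3-class linear softmax model on inputs in [0, 1]^2 (not from the page).
W = [[6.0, 0.0], [0.0, 6.0], [-3.0, -3.0]]
B = [-3.0, -3.0, 3.0]
# Constructed evaluation batch: (input, true label).
BATCH = [([0.9, 0.1], 0), ([0.1, 0.9], 1), ([0.1, 0.1], 2), ([0.65, 0.2], 0)]

def logits(x):
    return [sum(w * v for w, v in zip(row, x)) + b for row, b in zip(W, B)]

def predict(x):
    z = logits(x)
    return z.index(max(z))

def input_gradient(x, y):
    """Gradient of the cross-entropy loss w.r.t. the input: W^T (softmax(z) - onehot(y))."""
    z = logits(x)
    m = max(z)
    e = [math.exp(v - m) for v in z]
    p = [v / sum(e) for v in e]
    p[y] -= 1.0
    return [sum(p[k] * W[k][j] for k in range(len(W))) for j in range(len(x))]

def linf_pgd(x, y, eps, steps=20, bounds=(0.0, 1.0)):
    """Signed-gradient ascent on the loss, projected back into the L-inf ball of radius eps."""
    step = eps / 4  # assumed step size
    adv = list(x)
    for _ in range(steps):
        g = input_gradient(adv, y)
        adv = [a + step * ((gi > 0) - (gi < 0)) for a, gi in zip(adv, g)]
        adv = [min(max(a, xi - eps), xi + eps) for a, xi in zip(adv, x)]  # eps-ball
        adv = [min(max(a, bounds[0]), bounds[1]) for a in adv]            # valid input range
    return adv

def robust_accuracy(batch, eps):
    """Fraction of samples still classified correctly after the perturbation."""
    correct = sum(predict(linf_pgd(x, y, eps)) == y for x, y in batch)
    return correct / len(batch)

if __name__ == "__main__":
    for eps in (0.0, 0.1, 0.3):
        print(f"eps={eps}: robust accuracy {robust_accuracy(BATCH, eps):.2f}")
```

The sample with the smallest clean margin is the first to flip as eps grows, which is why robustness is reported per perturbation budget rather than as a single figure.
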
The interesting bit
The rewrite for Foolbox 3 ditched NumPy entirely in favor of EagerPy, a thin abstraction layer that dispatches to each framework's native tensor operations. One codebase, no string-and-glue interop, and actual batch support. It’s the kind of “boring” infrastructure decision that makes the tool usable at scale.
Key highlights
- Native performance in PyTorch, TensorFlow, and JAX via EagerPy — no NumPy bottleneck
- Real batch support for running attacks efficiently
- Large collection of gradient-based and decision-based attacks included
- Extensive type annotations to catch bugs before runtime
- Frameworks install separately (not declared as dependencies), avoiding CUDA/architecture mismatch headaches
Caveats
- Compatibility testing lags behind latest releases: PyTorch 1.10.1, TensorFlow 2.6.3, JAX 0.2.517 (newer versions “expected to work” but not guaranteed)
- Python 3.6–3.8 support is speculative; only 3.8+ is tested
- Performance comparison with earlier versions exists but is described as “basic”
Verdict
Researchers and engineers who benchmark model robustness across frameworks or need a consistent attack API should grab this. If you’re married to a single framework and already have a custom attack pipeline, the migration tax may not pay off.