I personally think adversarial examples are highly worth studying, and should inspire serious concern. However, most of the justifications for why exactly they’re worrisome strike me as overly literal.

One: they’re a proof of concept: an incontrovertible demonstration that a certain type of problem exists. As a result of easily finding small-perturbation adversarial examples, we can say with certainty that if the safety of your system depends on the classifier never making obvious mistakes, then that guarantee is false, and your system is unsafe.

source: grugq