Time-Series Foundation Models (TSFMs) are rapidly transitioning from research prototypes to core components of critical decision-making systems, driven by their impressive zero-shot forecasting capabilities. However, as their deployment surges, a critical blind spot remains: their fragility under adversarial attacks. This lack of scrutiny poses severe risks, particularly as TSFMs enter high-stakes environments vulnerable to manipulation. We present a systematic, diagnostic study arguing that for TSFMs, robustness is not merely a secondary metric but a prerequisite for trustworthy deployment comparable to accuracy. Our evaluation framework, explicitly tailored to the unique constraints of time series, incorporates normalized, sparsity-aware perturbation budgets and unified scale-invariant metrics across white-box and black-box settings. Across six representative TSFMs, we demonstrate that current architectures are alarmingly brittle: even small perturbations can reliably steer forecasts toward specific failure modes, such as trend flips and malicious drifts. We uncover TSFM-specific vulnerability patterns, including horizon-proximal brittleness, increased susceptibility with longer context windows, and weak cross-model transfer that points to model-specific failure modes rather than generic distortions. Finally, we show that simple adversarial fine-tuning offers a cost-effective path to substantial robustness gains, even with out-of-domain data. This work bridges the gap between TSFM capabilities and safety constraints, offering essential guidance for hardening the next generation of forecasting systems.

翻译：时间序列基础模型凭借其卓越的零样本预测能力，正迅速从研究原型转变为关键决策系统的核心组件。然而，随着其部署规模的扩大，一个关键盲点依然存在：模型在对抗攻击下的脆弱性。这种缺乏严格评估的现状带来了严重风险，尤其是在TSFMs进入易受操纵的高风险环境时。我们提出了一项系统性诊断研究，论证对于TSFMs而言，鲁棒性不仅是次要指标，更是与准确性同等重要的可信部署前提。我们专门针对时间序列的独特约束设计了评估框架，包含归一化、稀疏感知的扰动预算，以及在白盒与黑盒设置下统一的尺度不变度量标准。通过对六个代表性TSFM的测试，我们发现当前架构存在令人担忧的脆弱性：即使微小扰动也能可靠地将预测导向特定失效模式，例如趋势翻转和恶意漂移。我们揭示了TSFM特有的脆弱性模式，包括预测时域近端脆弱性、长上下文窗口下敏感性增强，以及指向模型特定失效模式（而非通用失真）的弱跨模型迁移性。最后，我们证明简单的对抗性微调能以较低成本显著提升鲁棒性，即使使用领域外数据亦有效。本研究弥合了TSFM能力与安全约束之间的鸿沟，为强化下一代预测系统提供了重要指导。