Augmented reality systems that rely on radiofrequency (RF) sensing must withstand adversarial attacks. An
attacker may jam the channel to block alerts or spoof RF
signatures to trigger false critical alarms. Today’s RF-to-AR
pipelines lack systematic mechanisms to evaluate and harden
against such threats. Inspired by red-team methodologies, we
present a framework for generating adversarial traces and
evaluating spoofing/jamming resilience. We contribute three components: (1) adversarial trace generators that inject jammed
and spoofed RF events into standardised traces; (2) detection
algorithms that analyse RF metrics (noise floor, channel variance)
and cryptographic tags to identify attacks; and (3) mitigation
strategies including channel hopping and majority-vote consensus
to maintain situational awareness. Our experiments show that the
proposed defences detect 92% of jamming events and 88% of
spoofed alerts within 100 ms, reducing false critical alerts by
40%. The framework emphasises reproducibility: adversarial
traces, metrics and scripts are packaged in OpenBench-AR
format [1], capturing data, code and process [2].