This paper introduces AdvGAN, a method for generating adversarial examples using generative adversarial networks (GANs). AdvGAN aims to produce high-quality, perceptually realistic adversarial examples that can mislead deep neural networks (DNNs) into producing adversary-selected results. The method involves training a generator to create perturbations and a discriminator to ensure the generated examples are realistic. AdvGAN can be applied in both semi-whitebox and black-box attack settings, where it can efficiently generate adversarial perturbations for any input instance without requiring direct access to the target model. The paper evaluates AdvGAN on various datasets and models, demonstrating its effectiveness in achieving high attack success rates under state-of-the-art defenses. Notably, AdvGAN achieved the highest accuracy (92.76%) on a public MNIST black-box attack challenge. The contributions of AdvGAN include its ability to generate high-quality adversarial examples, its efficiency in generating perturbations, and its effectiveness in both semi-whitebox and black-box attack settings.This paper introduces AdvGAN, a method for generating adversarial examples using generative adversarial networks (GANs). AdvGAN aims to produce high-quality, perceptually realistic adversarial examples that can mislead deep neural networks (DNNs) into producing adversary-selected results. The method involves training a generator to create perturbations and a discriminator to ensure the generated examples are realistic. AdvGAN can be applied in both semi-whitebox and black-box attack settings, where it can efficiently generate adversarial perturbations for any input instance without requiring direct access to the target model. The paper evaluates AdvGAN on various datasets and models, demonstrating its effectiveness in achieving high attack success rates under state-of-the-art defenses. Notably, AdvGAN achieved the highest accuracy (92.76%) on a public MNIST black-box attack challenge. The contributions of AdvGAN include its ability to generate high-quality adversarial examples, its efficiency in generating perturbations, and its effectiveness in both semi-whitebox and black-box attack settings.