This is an adversarial evasion attack (also called an inference-time attack). The attacker crafts a perturbation to the input that causes the deployed model to make an incorrect prediction, without modifying the model itself.