Deep neural networks can predict well even when fitting noisy data. The phenomenon is called benign overfitting. In this seminar, we analyze the overparametrized model under the adversarial perturbation, showing the fitting noise leads to sensitive models to the adversarial perturbation. In contrast to the natural risk where noise cancels out for each dimension, the small perturbation of each feature accumulates to significant change of the output in the adversarial attack.  And we also study the adversarial training in these overparametrized models, showing that while it can increase the robustness of the model, it leads to distinct parameter to the oracle and decreases in performance for natural data.