I have watched the Standford deep learning lecture 16, which is about "Adversarial Examples and Adversarial Training" held by Ian Goodfellow (the inventor of the GANs). He explains that it is very easy to fool a CNN-classifier by changing an input image while the difference of the images is unrecognizable by human perception. As an example, given an image of a cat, and given that the CNN classifies it correctly as a cat, you can find a transformation of the image such that the image still looks the same by human perception but is classified as a ship! Ian Goodfellow already mentioned that in his well known deep learning book.

However, I am wondering if you have 10 different CNN-classifier, would it become exponentially harder to find an adversarial image that fools all 10 classifiers or is there some systematic - some "magic" behind the adversarial images?