Position: Certified Robustness Does Not (Yet) Imply Model Security
Abstract
While certified robustness is widely promoted as a solution to adversarial examples in Artificial Intelligence systems, significant challenges remain before these techniques can be meaningfully deployed in real-world applications. We identify critical gaps in current research, including the paradox of detection without distinction, the lack of clear criteria for practitioners to evaluate certification schemes, and the potential security risks arising from users’ expectations surrounding “guaranteed" robustness claims. These create an alignment issue between how certifications are presented and perceived, relative to their actual capabilities. This position paper is a call to arms for the certification research community, proposing concrete steps to address these fundamental challenges and advance the field toward practical applicability.
Cite
Text
Cullen et al. "Position: Certified Robustness Does Not (Yet) Imply Model Security." Proceedings of the 42nd International Conference on Machine Learning, 2025.Markdown
[Cullen et al. "Position: Certified Robustness Does Not (Yet) Imply Model Security." Proceedings of the 42nd International Conference on Machine Learning, 2025.](https://mlanthology.org/icml/2025/cullen2025icml-position/)BibTeX
@inproceedings{cullen2025icml-position,
title = {{Position: Certified Robustness Does Not (Yet) Imply Model Security}},
author = {Cullen, Andrew Craig and Montague, Paul and Erfani, Sarah Monazam and Rubinstein, Benjamin I. P.},
booktitle = {Proceedings of the 42nd International Conference on Machine Learning},
year = {2025},
pages = {81185-81198},
volume = {267},
url = {https://mlanthology.org/icml/2025/cullen2025icml-position/}
}