Saved in:
Bibliographic Details
Main Authors: Emmanouilidis, Konstantinos, Ding, Tianjiao, Nguyen, Nghia, Loizou, Nicolas, Vidal, René
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.25352
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914599001915392
author Emmanouilidis, Konstantinos
Ding, Tianjiao
Nguyen, Nghia
Loizou, Nicolas
Vidal, René
author_facet Emmanouilidis, Konstantinos
Ding, Tianjiao
Nguyen, Nghia
Loizou, Nicolas
Vidal, René
contents Deep learning models are vulnerable to adversarial perturbations, raising important concerns for safety-critical deployment. Empirical defenses can achieve strong robustness in practice, but lack formal guarantees, motivating the need for certifiably robust classifiers. While certified methods provide formal guarantees, they often yield overly conservative bounds due to their inability to exploit structure in complex data distributions. In this work, we propose a framework for designing certifiably robust classifiers that leverages latent structure in data representations. We first analyze the Gaussian mixture setting, deriving necessary and sufficient conditions for the existence of robust classifiers and constructing a classifier with a closed-form robustness certificate and generalization guarantees. Our main contribution is to show that exact structure is not required: we prove that if a pretrained encoder maps inputs to a latent distribution that is $\varepsilon$-close (in KL divergence) to a Gaussian mixture, then certified accuracy degrades gracefully, with an explicit bound relating robustness under the true and approximate distributions. This result enables the direct use of pretrained models without requiring exact distributional assumptions. Empirically, our method achieves state-of-the-art or competitive certified accuracy on CIFAR-10 and ImageNet, while maintaining strong clean performance and low computational overhead. Overall, our work establishes approximate latent structure as a practical and principled route to certifiable robustness.
format Preprint
id arxiv_https___arxiv_org_abs_2605_25352
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Certified Robustness from Approximate Gaussian Mixture Structures in Pretrained Latent Spaces
Emmanouilidis, Konstantinos
Ding, Tianjiao
Nguyen, Nghia
Loizou, Nicolas
Vidal, René
Machine Learning
Artificial Intelligence
Deep learning models are vulnerable to adversarial perturbations, raising important concerns for safety-critical deployment. Empirical defenses can achieve strong robustness in practice, but lack formal guarantees, motivating the need for certifiably robust classifiers. While certified methods provide formal guarantees, they often yield overly conservative bounds due to their inability to exploit structure in complex data distributions. In this work, we propose a framework for designing certifiably robust classifiers that leverages latent structure in data representations. We first analyze the Gaussian mixture setting, deriving necessary and sufficient conditions for the existence of robust classifiers and constructing a classifier with a closed-form robustness certificate and generalization guarantees. Our main contribution is to show that exact structure is not required: we prove that if a pretrained encoder maps inputs to a latent distribution that is $\varepsilon$-close (in KL divergence) to a Gaussian mixture, then certified accuracy degrades gracefully, with an explicit bound relating robustness under the true and approximate distributions. This result enables the direct use of pretrained models without requiring exact distributional assumptions. Empirically, our method achieves state-of-the-art or competitive certified accuracy on CIFAR-10 and ImageNet, while maintaining strong clean performance and low computational overhead. Overall, our work establishes approximate latent structure as a practical and principled route to certifiable robustness.
title Certified Robustness from Approximate Gaussian Mixture Structures in Pretrained Latent Spaces
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2605.25352