{"paper":{"title":"Certified Robustness under Heterogeneous Perturbations via Hybrid Randomized Smoothing","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Hybrid randomized smoothing yields a closed-form one-dimensional certificate that generalizes both Gaussian and discrete smoothing for joint discrete-continuous inputs.","cross_cats":[],"primary_cat":"cs.LG","authors_text":"Blaise Delattre, Hengyu Wu, Paul Caillon, Wei Yang Bryan Lim, Yang Cao","submitted_at":"2026-05-13T01:44:31Z","abstract_excerpt":"Randomized smoothing provides strong, model-agnostic robustness certificates, but existing guarantees are limited to single modalities, treating continuous and discrete inputs in isolation. This limitation becomes critical in multimodal models, where decisions depend on cross-modal semantics and adversaries can jointly perturb heterogeneous inputs, rendering unimodal certificates insufficient. We introduce a unified randomized smoothing framework for mixed discrete--continuous inputs based on an analytically tractable Neyman--Pearson formulation of the joint worst-case problem. By analyzing th"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"our approach yields a closed-form, one-dimensional certificate that strictly generalizes both Gaussian (image-only) and discrete (text-only) randomized smoothing","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The joint likelihood ordering induced by factorized discrete and continuous noise permits an analytically tractable Neyman-Pearson formulation of the worst-case problem.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A hybrid randomized smoothing method yields a closed-form certificate for joint discrete-continuous perturbations that generalizes prior Gaussian and discrete smoothing approaches.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Hybrid randomized smoothing yields a closed-form one-dimensional certificate that generalizes both Gaussian and discrete smoothing for joint discrete-continuous inputs.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"088c8bbfae37d832f33018c35686e1e70681cb98aff6a45f16c0e5d230f6f090"},"source":{"id":"2605.12876","kind":"arxiv","version":1},"verdict":{"id":"88a2435d-c52f-43e5-bd14-adfb509870d7","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-14T20:19:40.652530Z","strongest_claim":"our approach yields a closed-form, one-dimensional certificate that strictly generalizes both Gaussian (image-only) and discrete (text-only) randomized smoothing","one_line_summary":"A hybrid randomized smoothing method yields a closed-form certificate for joint discrete-continuous perturbations that generalizes prior Gaussian and discrete smoothing approaches.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The joint likelihood ordering induced by factorized discrete and continuous noise permits an analytically tractable Neyman-Pearson formulation of the worst-case problem.","pith_extraction_headline":"Hybrid randomized smoothing yields a closed-form one-dimensional certificate that generalizes both Gaussian and discrete smoothing for joint discrete-continuous inputs."},"references":{"count":22,"sample":[{"doi":"","year":2023,"title":"A., Jagielski, M., Gao, I., Awadalla, A., Koh, P","work_id":"490b95c3-2f53-4701-a7a7-c9ad219de0e6","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2024,"title":"A Survey on Multimodal Large Language Models for Autonomous Driving","work_id":"184f4f4a-d36f-4593-94cb-4b6420fa77b0","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":null,"title":"Defeating Prompt Injections by Design","work_id":"86405b86-1c51-4042-9b04-aff0b6541411","ref_index":4,"cited_arxiv_id":"2503.18813","is_internal_anchor":true},{"doi":"","year":null,"title":"Ad- versarial attacks to multi-modal models.arXiv preprint arXiv:2409.06793,","work_id":"25ac5b53-65c4-42b2-8069-27b5dfd6311e","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":null,"title":"Llavaguard: An open vlm- based framework for safeguarding vision datasets and mod- els","work_id":"6428946a-91bd-4dbe-b263-a8f502ab8aa0","ref_index":6,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":22,"snapshot_sha256":"c2284d38c6b069473c5988ad3246014f7007ae9a218f7fa3fb1d43bdbce5dbf5","internal_anchors":5},"formal_canon":{"evidence_count":2,"snapshot_sha256":"d7be81a3f67da361da43c82a6500f303f6b52a7a5355a318c0f2d7bf34bc667e"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}