pith. sign in
Pith Number

pith:MMZPTCDL

pith:2026:MMZPTCDLWL7C2TDU4NMT6MRVKC
not attested not anchored not stored refs resolved

Compositional Adversarial Training for Robust Visual Watermarking

Andrew Xu, Anirudh Satheesh, Furong Huang, Georgios Milis, Heng Huang, Michael-Andrei Panaitescu-Liess, Zikui Cai

Training visual watermarks against learned sequences of attacks produces higher robustness than random augmentation.

arxiv:2605.16720 v1 · 2026-05-16 · cs.CV · cs.LG

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{MMZPTCDLWL7C2TDU4NMT6MRVKC}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

CAT consistently outperforms random-augmentation baselines trained with the same augmentation budget, with the largest gains on hard composed attacks and OOD evaluations; improving overall watermark capacity by up to 63.5% in the single-step attack setting and 13.0% in the compositional setting.

C2weakest assumption

The assumption that a learned sequential adversary with Gumbel-Softmax selection can reliably cover the combinatorial space of realistic attack pipelines without mode collapse or missing critical compositions that break detection, as stated in the formulation of watermark robustness as a min-max problem over structured transformations.

C3one line summary

CAT trains watermark detectors against adaptive compositional adversaries using differentiable attack selection, yielding up to 63.5% capacity gains on hard attacks versus random-augmentation baselines.

References

61 extracted · 61 resolved · 6 Pith anchors

[1] Explaining and Harnessing Adversarial Examples · arXiv:1412.6572
[2] Towards Deep Learning Models Resistant to Adversarial Attacks · arXiv:1706.06083
[3] arXiv preprint arXiv:2210.02577 , year=
[4] International conference on machine learning , pages= 2019
[5] Proceedings of the IEEE/CVF international conference on computer vision , pages=

Formal links

2 machine-checked theorem links

Receipt and verification
First computed 2026-05-20T00:02:38.331566Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

6332f9886bb2fe2d4c74e3593f323550954c0764f33b8d048620f2d91c7d6d37

Aliases

arxiv: 2605.16720 · arxiv_version: 2605.16720v1 · doi: 10.48550/arxiv.2605.16720 · pith_short_12: MMZPTCDLWL7C · pith_short_16: MMZPTCDLWL7C2TDU · pith_short_8: MMZPTCDL
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/MMZPTCDLWL7C2TDU4NMT6MRVKC \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 6332f9886bb2fe2d4c74e3593f323550954c0764f33b8d048620f2d91c7d6d37
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "e21d78d16389b895b4ea169aa8fc17590d8cf62b33f823b06aef854753481039",
    "cross_cats_sorted": [
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by-nc-sa/4.0/",
    "primary_cat": "cs.CV",
    "submitted_at": "2026-05-16T00:07:49Z",
    "title_canon_sha256": "32098b1d61bbccc52f58e42266a60da30292f8c20146674bc793fc4f37d5051d"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.16720",
    "kind": "arxiv",
    "version": 1
  }
}