{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2019:NJEVEL4IBG2QUTDX3RH35IJ3ON","short_pith_number":"pith:NJEVEL4I","schema_version":"1.0","canonical_sha256":"6a49522f8809b50a4c77dc4fbea13b734bcaa9864961596faf9323804e3b08c4","source":{"kind":"arxiv","id":"1902.06705","version":2},"attestation_state":"computed","paper":{"title":"On Evaluating Adversarial Robustness","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Aleksander Madry, Alexey Kurakin, Anish Athalye, Dimitris Tsipras, Ian Goodfellow, Jonas Rauber, Nicholas Carlini, Nicolas Papernot, Wieland Brendel","submitted_at":"2019-02-18T18:18:27Z","abstract_excerpt":"Correctly evaluating defenses against adversarial examples has proven to be extremely difficult. Despite the significant amount of recent work attempting to design defenses that withstand adaptive attacks, few have succeeded; most papers that propose defenses are quickly shown to be incorrect.\n  We believe a large contributing factor is the difficulty of performing security evaluations. In this paper, we discuss the methodological foundations, review commonly accepted best practices, and suggest new methods for evaluating defenses to adversarial examples. We hope that both researchers developi"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1902.06705","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-02-18T18:18:27Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"c953917a928fe40f0264f6c88619006d38826cb34519b88ca10b22683169438d","abstract_canon_sha256":"516a6ddc2f33f5c0654715e553958aa48c68acc4babbe5817cb6ecc6670ea4ac"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:53:08.618302Z","signature_b64":"hNu5+IH2wxqgvXP1QY2Wj7v+SGXu4fp3x3jXhdRkweZ1/b5KPrL4UMuH3KBuQ+evS65zdpHpRShIBXLTMyE3Dg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"6a49522f8809b50a4c77dc4fbea13b734bcaa9864961596faf9323804e3b08c4","last_reissued_at":"2026-05-17T23:53:08.617652Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:53:08.617652Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"On Evaluating Adversarial Robustness","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Aleksander Madry, Alexey Kurakin, Anish Athalye, Dimitris Tsipras, Ian Goodfellow, Jonas Rauber, Nicholas Carlini, Nicolas Papernot, Wieland Brendel","submitted_at":"2019-02-18T18:18:27Z","abstract_excerpt":"Correctly evaluating defenses against adversarial examples has proven to be extremely difficult. Despite the significant amount of recent work attempting to design defenses that withstand adaptive attacks, few have succeeded; most papers that propose defenses are quickly shown to be incorrect.\n  We believe a large contributing factor is the difficulty of performing security evaluations. In this paper, we discuss the methodological foundations, review commonly accepted best practices, and suggest new methods for evaluating defenses to adversarial examples. We hope that both researchers developi"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1902.06705","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1902.06705","created_at":"2026-05-17T23:53:08.617749+00:00"},{"alias_kind":"arxiv_version","alias_value":"1902.06705v2","created_at":"2026-05-17T23:53:08.617749+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1902.06705","created_at":"2026-05-17T23:53:08.617749+00:00"},{"alias_kind":"pith_short_12","alias_value":"NJEVEL4IBG2Q","created_at":"2026-05-18T12:33:24.271573+00:00"},{"alias_kind":"pith_short_16","alias_value":"NJEVEL4IBG2QUTDX","created_at":"2026-05-18T12:33:24.271573+00:00"},{"alias_kind":"pith_short_8","alias_value":"NJEVEL4I","created_at":"2026-05-18T12:33:24.271573+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":10,"internal_anchor_count":4,"sample":[{"citing_arxiv_id":"1907.05587","citing_title":"Stateful Detection of Black-Box Adversarial Attacks","ref_index":8,"is_internal_anchor":true},{"citing_arxiv_id":"2412.14855","citing_title":"Position: Mind the Gap-AI Security and the Limits of Current Reporting Standards","ref_index":21,"is_internal_anchor":true},{"citing_arxiv_id":"2505.12167","citing_title":"FABLE: A Localized, Targeted Adversarial Attack on Weather Forecasting Models","ref_index":35,"is_internal_anchor":true},{"citing_arxiv_id":"2210.10760","citing_title":"Scaling Laws for Reward Model Overoptimization","ref_index":5,"is_internal_anchor":true},{"citing_arxiv_id":"2309.00614","citing_title":"Baseline Defenses for Adversarial Attacks Against Aligned Language Models","ref_index":6,"is_internal_anchor":false},{"citing_arxiv_id":"2604.27487","citing_title":"Low Rank Adaptation for Adversarial Perturbation","ref_index":67,"is_internal_anchor":false},{"citing_arxiv_id":"2605.04901","citing_title":"On the (In-)Security of the Shuffling Defense in the Transformer Secure Inference","ref_index":162,"is_internal_anchor":false},{"citing_arxiv_id":"2604.10403","citing_title":"Latent Instruction Representation Alignment: defending against jailbreaks, backdoors and undesired knowledge in LLMs","ref_index":4,"is_internal_anchor":false},{"citing_arxiv_id":"2605.07690","citing_title":"Fortifying Time Series: DTW-Certified Robust Anomaly Detection","ref_index":9,"is_internal_anchor":false},{"citing_arxiv_id":"2604.23593","citing_title":"When AI reviews science: Can we trust the referee?","ref_index":81,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON","json":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON.json","graph_json":"https://pith.science/api/pith-number/NJEVEL4IBG2QUTDX3RH35IJ3ON/graph.json","events_json":"https://pith.science/api/pith-number/NJEVEL4IBG2QUTDX3RH35IJ3ON/events.json","paper":"https://pith.science/paper/NJEVEL4I"},"agent_actions":{"view_html":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON","download_json":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON.json","view_paper":"https://pith.science/paper/NJEVEL4I","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1902.06705&json=true","fetch_graph":"https://pith.science/api/pith-number/NJEVEL4IBG2QUTDX3RH35IJ3ON/graph.json","fetch_events":"https://pith.science/api/pith-number/NJEVEL4IBG2QUTDX3RH35IJ3ON/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON/action/timestamp_anchor","attest_storage":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON/action/storage_attestation","attest_author":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON/action/author_attestation","sign_citation":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON/action/citation_signature","submit_replication":"https://pith.science/pith/NJEVEL4IBG2QUTDX3RH35IJ3ON/action/replication_record"}},"created_at":"2026-05-17T23:53:08.617749+00:00","updated_at":"2026-05-17T23:53:08.617749+00:00"}