Search Results for author:
Found 14 papers, 9 papers with code
Manipulating Large Language Models to Increase Product Visibility
We demonstrate that adding a strategic text sequence (STS) -- a carefully crafted message -- to a product's information page can significantly increase its likelihood of being listed as the LLM's top recommendation.
Towards Safe and Aligned Large Language Models for Medicine
The capabilities of large language models (LLMs) have been progressing at a breathtaking speed, leaving even their own developers grappling with the depth of their potential and risks.
Robustness of AI-Image Detectors: Fundamental Limits and Practical Attacks
Moreover, we show that watermarking methods are vulnerable to spoofing attacks where the attacker aims to have real images identified as watermarked ones, damaging the reputation of the developers.
Certifying LLM Safety against Adversarial Prompting
We defend against three attack modes: i) adversarial suffix, where an adversarial sequence is appended at the end of a harmful prompt; ii) adversarial insertion, where the adversarial sequence is inserted anywhere in the middle of the prompt; and iii) adversarial infusion, where adversarial tokens are inserted at arbitrary positions in the prompt, not necessarily as a contiguous block.
Provable Robustness for Streaming Models with a Sliding Window
Robustness certificates based on the assumption of independent input samples are not directly applicable in such scenarios.
Can AI-Generated Text be Reliably Detected?
In particular, we develop a recursive paraphrasing attack to apply on AI text, which can break a whole range of detectors, including the ones using the watermarking schemes as well as neural network-based detectors, zero-shot classifiers, and retrieval-based detectors.
Certifying Model Accuracy under Distribution Shifts
Certified robustness in machine learning has primarily focused on adversarial perturbations of the input with a fixed attack budget for each point in the data distribution.
Policy Smoothing for Provably Robust Reinforcement Learning
Prior works in provable robustness in RL seek to certify the behaviour of the victim policy at every time-step against a non-adaptive adversary using methods developed for the static setting.
Center Smoothing: Certified Robustness for Networks with Structured Outputs
We extend the scope of certifiable robustness to problems with more general and structured outputs like sets, images, language, etc.
Detection as Regression: Certified Object Detection with Median Smoothing
Despite the vulnerability of object detectors to adversarial attacks, very few defenses are known to date.
Tight Second-Order Certificates for Randomized Smoothing
In this work, we show that there also exists a universal curvature-like bound for Gaussian random smoothing: given the exact value and gradient of a smoothed function, we compute a lower bound on the distance of a point to its closest adversarial example, called the Second-order Smoothing (SoS) robustness certificate.
Certifying Confidence via Randomized Smoothing
It uses the probabilities of predicting the top two most-likely classes around an input point under a smoothing distribution to generate a certified radius for a classifier's prediction.
Detection as Regression: Certified Object Detection by Median Smoothing
While adversarial training can improve the empirical robustness of image classifiers, a direct extension to object detection is very expensive.
Curse of Dimensionality on Randomized Smoothing for Certifiable Robustness
Notably, for $p \geq 2$, this dependence on $d$ is no better than that of the $\ell_p$-radius that can be certified using isotropic Gaussian smoothing, essentially putting a matching lower bound on the robustness radius.
