Search Results for author:
Found 16 papers, 11 papers with code
Detecting LLM-Written Peer Reviews
We find a high success rate in the embedding of our watermarks in LLM-generated reviews across models.
Generalizing Trust: Weak-to-Strong Trustworthiness in Language Models
A key phenomenon known as weak-to-strong generalization - where a strong model trained on a weak model's outputs surpasses the weak model in task performance - has gained significant attention.
Manipulating Large Language Models to Increase Product Visibility
We demonstrate that adding a strategic text sequence (STS) -- a carefully crafted message -- to a product's information page can significantly increase its likelihood of being listed as the LLM's top recommendation.
MedSafetyBench: Evaluating and Improving the Medical Safety of Large Language Models
As large language models (LLMs) develop increasingly sophisticated capabilities and find applications in medical settings, it becomes important to assess their medical safety due to their far-reaching implications for personal and public health, patient safety, and human rights.
Robustness of AI-Image Detectors: Fundamental Limits and Practical Attacks
Moreover, we show that watermarking methods are vulnerable to spoofing attacks where the attacker aims to have real images identified as watermarked ones, damaging the reputation of the developers.
Certifying LLM Safety against Adversarial Prompting
We defend against three attack modes: i) adversarial suffix, where an adversarial sequence is appended at the end of a harmful prompt; ii) adversarial insertion, where the adversarial sequence is inserted anywhere in the middle of the prompt; and iii) adversarial infusion, where adversarial tokens are inserted at arbitrary positions in the prompt, not necessarily as a contiguous block.
Provable Robustness for Streaming Models with a Sliding Window
Robustness certificates based on the assumption of independent input samples are not directly applicable in such scenarios.
Can AI-Generated Text be Reliably Detected?
Large Language Models (LLMs) perform impressively well in various applications.
Certifying Model Accuracy under Distribution Shifts
Certified robustness in machine learning has primarily focused on adversarial perturbations of the input with a fixed attack budget for each point in the data distribution.
Policy Smoothing for Provably Robust Reinforcement Learning
Prior works in provable robustness in RL seek to certify the behaviour of the victim policy at every time-step against a non-adaptive adversary using methods developed for the static setting.
Center Smoothing: Certified Robustness for Networks with Structured Outputs
We extend the scope of certifiable robustness to problems with more general and structured outputs like sets, images, language, etc.
Detection as Regression: Certified Object Detection with Median Smoothing
Despite the vulnerability of object detectors to adversarial attacks, very few defenses are known to date.
Tight Second-Order Certificates for Randomized Smoothing
In this work, we show that there also exists a universal curvature-like bound for Gaussian random smoothing: given the exact value and gradient of a smoothed function, we compute a lower bound on the distance of a point to its closest adversarial example, called the Second-order Smoothing (SoS) robustness certificate.
Certifying Confidence via Randomized Smoothing
It uses the probabilities of predicting the top two most-likely classes around an input point under a smoothing distribution to generate a certified radius for a classifier's prediction.
Detection as Regression: Certified Object Detection by Median Smoothing
While adversarial training can improve the empirical robustness of image classifiers, a direct extension to object detection is very expensive.
Curse of Dimensionality on Randomized Smoothing for Certifiable Robustness
Notably, for $p \geq 2$, this dependence on $d$ is no better than that of the $\ell_p$-radius that can be certified using isotropic Gaussian smoothing, essentially putting a matching lower bound on the robustness radius.
