Robustness certificates based on real arithmetic often fail when executed on actual floating-point hardware.
arXiv · March 17, 2026 · 2603.13334
The Takeaway
This paper reveals a semantic gap in AI safety: certificates can be invalid on low-precision formats like float16. It provides a formal theory to derive sound robustness bounds for actual hardware execution, essential for high-assurance or safety-critical ML.
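The gap can be reproduced with a toy case. This is an added example, not code or a construction from the paper: a linear scorer with a margin / L1-norm sensitivity certificate, evaluated exactly over the rationals and again with binary16 rounding after every operation. The weights, bias, inputs and all function names are constructed for illustration.

```python
import struct
from fractions import Fraction

def f16(v):
    """Round a Python float to the nearest IEEE 754 binary16 value (ties to even)."""
    return struct.unpack("<e", struct.pack("<e", v))[0]

# Constructed toy model: score(x) = w.x + b, class 1 iff score > 0.
W = [1.0, 1.0, -1.0]
B = -(2.0 ** -12)

def score_real(x):
    """Exact score over the rationals, standing in for real arithmetic."""
    return sum(Fraction(w) * Fraction(xi) for w, xi in zip(W, x)) + Fraction(B)

def score_f16(x):
    """Same score, rounded to binary16 after every multiply and add."""
    acc = 0.0
    for w, xi in zip(W, x):
        acc = f16(acc + f16(w * xi))
    return f16(acc + B)

def certified_radius(x):
    """L-inf radius inside which the real-arithmetic class cannot change:
    |score(x)| / ||w||_1, the sensitivity bound for a linear score."""
    return abs(score_real(x)) / sum(abs(Fraction(w)) for w in W)

def linf(a, b):
    """Exact L-inf distance between two inputs."""
    return max(abs(Fraction(p) - Fraction(q)) for p, q in zip(a, b))

def demo():
    # Both inputs are constructed and exactly representable in binary16.
    x = [1.0, 2.0 ** -11 * (1 + 2.0 ** -10), 1.0]
    x_near = [1.0, 2.0 ** -11, 1.0]  # differs from x by 2**-21 in one coordinate
    return {
        "radius": certified_radius(x),
        "distance": linf(x, x_near),
        "real": (score_real(x) > 0, score_real(x_near) > 0),
        "f16": (score_f16(x) > 0, score_f16(x_near) > 0),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The neighbouring input lies well inside the certified radius and the exact score keeps its sign, but in binary16 the sum `1 + 2**-11` rounds back to `1`, the small term is absorbed, and the predicted class changes.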
From the abstract
Sensitivity-based robustness certification has emerged as a practical approach for certifying neural network robustness, including in settings that require verifiable guarantees. A key advantage of these methods is that certification is performed by concrete numerical computation (rather than symbolic reasoning) and scales efficiently with network size. However, as with the vast majority of prior work on robustness certification and verification, the soundness of these methods is typically prove