Abstract: Randomized smoothing provides strong, model-agnostic robustness certificates, but existing guarantees are limited to single modalities, treating continuous and discrete inputs in isolation. This limitation becomes critical in multimodal models, where decisions depend on cross-modal semantics and adversaries can jointly perturb heterogeneous inputs, rendering unimodal certificates insufficient. We introduce a unified randomized smoothing framework for mixed discrete–continuous inputs based on an analytically tractable Neyman–Pearson formulation of the joint worst-case problem. By analyzing the joint likelihood ordering induced by factorized discrete and continuous noise, our approach yields a closed-form, one-dimensional certificate that strictly generalizes both Gaussian (image-only) and discrete (text-only) randomized smoothing. We validate the framework on multimodal safety filtering, providing, to our knowledge, the first model-agnostic Neyman–Pearson certificate for joint discrete-token and continuous-image perturbations in interaction-dependent text–image safety filtering.
| Comments: | ICML 2026. Code: this https URL |
| Subjects: | Machine Learning (cs.LG) |
| Cite as: | arXiv:2605.12876 [cs.LG] (or arXiv:2605.12876v1 [cs.LG] for this version) |
| | https://doi.org/10.48550/arXiv.2605.12876 (arXiv-issued DOI via DataCite, pending registration) |
Submission history
From: Blaise Delattre
[v1] Wed, 13 May 2026 01:44:31 UTC (826 KB)
