Adversarial Robustness is at Odds with Lazy Training
Yunjuan Wang, Enayat Ullah, Poorya Mianjy, Raman Arora

TL;DR
This paper demonstrates that even neural networks trained with lazy training methods, which are theoretically efficient and generalize well, remain vulnerable to simple adversarial attacks, highlighting a fundamental robustness challenge.
Contribution
It extends the understanding of adversarial vulnerability to lazy training regimes, showing these models are susceptible despite their theoretical advantages.
Findings
Over-parametrized lazy-trained networks are vulnerable to single-step gradient attacks.
Such networks generalize well and have strong computational guarantees.
Adversarial robustness is fundamentally at odds with lazy training in neural networks.
Abstract
Recent works show that adversarial examples exist for random neural networks [Daniely and Schacham, 2020] and that these examples can be found using a single step of gradient ascent [Bubeck et al., 2021]. In this work, we extend this line of work to "lazy training" of neural networks -- a dominant model in deep learning theory in which neural networks are provably efficiently learnable. We show that over-parametrized neural networks that are guaranteed to generalize well and enjoy strong computational guarantees remain vulnerable to attacks generated using a single step of gradient ascent.
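The single-step attack the abstract refers to can be reproduced as a robustness check on a toy network. This is an added example, not code from the paper; the two-layer ReLU architecture, the input scaling, the step size `eta`, and the `drift` stand-in for lazy-trained weights (each weight vector moved a distance `drift/sqrt(m)` from its random initialization) are all assumptions made for illustration.

```python
import math
import random

def make_net(d, m, rng, drift):
    """f(x) = (1/sqrt(m)) * sum_i a_i * relu(<w_i, x>), with w_i ~ N(0, I/d)."""
    W = [[rng.gauss(0, 1 / math.sqrt(d)) for _ in range(d)] for _ in range(m)]
    a = [rng.choice((-1.0, 1.0)) for _ in range(m)]
    for w in W:  # constructed stand-in for lazy training: small move from init
        g = [rng.gauss(0, 1) for _ in range(d)]
        s = drift / math.sqrt(m * sum(v * v for v in g))
        for j in range(d):
            w[j] += s * g[j]
    return W, a

def value_and_grad(W, a, x):
    """Return f(x) and the gradient of f with respect to the input x."""
    f, grad = 0.0, [0.0] * len(x)
    for w, ai in zip(W, a):
        z = sum(wj * xj for wj, xj in zip(w, x))
        if z > 0:  # only active ReLU units contribute
            f += ai * z
            for j, wj in enumerate(w):
                grad[j] += ai * wj
    scale = 1 / math.sqrt(len(W))
    return f * scale, [gj * scale for gj in grad]

def single_step(W, a, x):
    """One gradient step against the sign of f(x); returns (f, f_adv, rel_norm)."""
    f, g = value_and_grad(W, a, x)
    g2 = sum(v * v for v in g)
    eta = 2 * f / g2  # assumed step size: overshoots the linearized zero crossing
    x_adv = [xj - eta * gj for xj, gj in zip(x, g)]
    f_adv, _ = value_and_grad(W, a, x_adv)
    rel = abs(eta) * math.sqrt(g2) / math.sqrt(sum(v * v for v in x))
    return f, f_adv, rel

def run_trial(seed, d=256, m=512, drift=1.0):
    """Constructed input: a random point on the sphere of radius sqrt(d)."""
    rng = random.Random(seed)
    W, a = make_net(d, m, rng, drift)
    x = [rng.gauss(0, 1) for _ in range(d)]
    n = math.sqrt(sum(v * v for v in x))
    x = [v * math.sqrt(d) / n for v in x]
    return single_step(W, a, x)

if __name__ == "__main__":
    for seed in range(3):
        f, f_adv, rel = run_trial(seed)
        print(f"seed={seed} f(x)={f:+.3f} f(x_adv)={f_adv:+.3f} |delta|/|x|={rel:.3f}")
```

The reported `|delta|/|x|` ratio is the quantity to track when evaluating a model: a sign flip at a small ratio means the prediction is not robust around that input.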
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Domain Adaptation and Few-Shot Learning
