Adversarial robustness for production classifiers

Production ML classifiers are vulnerable to adversarial attacks that can cause misclassification with imperceptible perturbations. We need: - Defense mechanisms that work in real-time - Less than 2% accuracy drop on clean data - Protection against multiple attack vectors - Applicable to both image and text classifiers Both training-time and inference-time defenses are welcome.