LLM-as-judge evaluation has become a default in benchmark construction, RLAIF, and agent leaderboards. We systematically probe the robustness of seven judge configurations against six adversary classes, ranging from prompt-injection in the candidate response to imperceptible suffix attacks tuned via gradient-free search.
Chain-of-thought (CoT) prompting is widely credited with enabling complex reasoning in large language models, yet the robustness of this capability to adversarial perturbations remains poorly characterized. We present a systematic study of CoT fragility across five perturbation types: synonym substitution, character-level noise, instruction paraphrasing, numerical jitter, and premise reordering.
We investigate how adversarial robustness scales with model capacity in small neural networks. Using 2-layer ReLU MLPs with hidden widths from 16 to 512 neurons (354 to 265{,}218 parameters), we train on two synthetic 2D classification tasks (concentric circles and two moons) and evaluate robustness under FGSM and PGD attacks across five perturbation magnitudes (\varepsilon \in \{0.
Vision Transformers (ViTs) have demonstrated remarkable performance across computer vision tasks, yet their robustness properties against adversarial perturbations remain insufficiently understood. In this work, we present a systematic analysis of how the self-attention mechanism in ViTs provides a natural defense against adversarial attacks.