Nicholas Carlini

papers

7,023

total citations

papers (21)

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples

NEURIPS 2022arXiv

citations

Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI

ICLR 2025arXiv

citations

Increasing Confidence in Adversarial Robustness Evaluations

NEURIPS 2022arXiv

citations

Measuring Non-Adversarial Reproduction of Training Data in Large Language Models

ICLR 2025arXiv

citations

Effective Robustness against Natural Distribution Shifts for Models with Different Training Data

NEURIPS 2023arXiv

citations

Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards

ICML 2025arXiv

citations

Initialization Matters for Adversarial Transfer Learning

CVPR 2024arXiv

citations

AutoAdvExBench: Benchmarking Autonomous Exploitation of Adversarial Example Defenses

ICML 2025arXiv

citations

Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

ICML 2025

citations

IF-Guide: Influence Function-Guided Detoxification of LLMs

NEURIPS 2025arXiv

citations

Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining

ICML 2024

citations

Nicholas Carlini

papers (21)

FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence

On Adaptive Attacks to Adversarial Example Defenses

Measuring Robustness to Natural Distribution Shifts in Image Classification

Are aligned neural networks adversarially aligned?

Counterfactual Memorization in Neural Language Models

Stealing part of a production language model

The Privacy Onion Effect: Memorization is Relative

Handcrafted Backdoors in Deep Neural Networks

Students Parrot Their Teachers: Membership Inference on Model Distillation

Persistent Pre-training Poisoning of LLMs

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples

Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI

Increasing Confidence in Adversarial Robustness Evaluations

Measuring Non-Adversarial Reproduction of Training Data in Large Language Models

Effective Robustness against Natural Distribution Shifts for Models with Different Training Data

Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards

Initialization Matters for Adversarial Transfer Learning

AutoAdvExBench: Benchmarking Autonomous Exploitation of Adversarial Example Defenses

Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

IF-Guide: Influence Function-Guided Detoxification of LLMs

Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining

papers (21)

FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence

On Adaptive Attacks to Adversarial Example Defenses

Measuring Robustness to Natural Distribution Shifts in Image Classification

Are aligned neural networks adversarially aligned?

Counterfactual Memorization in Neural Language Models

Stealing part of a production language model

The Privacy Onion Effect: Memorization is Relative

Handcrafted Backdoors in Deep Neural Networks

Students Parrot Their Teachers: Membership Inference on Model Distillation

Persistent Pre-training Poisoning of LLMs

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples

Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI

Increasing Confidence in Adversarial Robustness Evaluations

Measuring Non-Adversarial Reproduction of Training Data in Large Language Models

Effective Robustness against Natural Distribution Shifts for Models with Different Training Data

Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards

Initialization Matters for Adversarial Transfer Learning

AutoAdvExBench: Benchmarking Autonomous Exploitation of Adversarial Example Defenses

Position: In-House Evaluation Is Not Enough. Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

IF-Guide: Influence Function-Guided Detoxification of LLMs

Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining