![[2602.17743] Provable Adversarial Robustness in In-Context Learning](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.17743] Provable Adversarial Robustness in In-Context Learning
Summary
This paper presents a framework for ensuring adversarial robustness in in-context learning (ICL) for large language models, addressing the limitations of current theoretical models under distributional shifts.
Why It Matters
As large language models become integral in various applications, ensuring their reliability against adversarial attacks is crucial. This research provides foundational insights into improving model robustness, which can enhance the safety and effectiveness of AI systems in real-world scenarios.
Key Takeaways
- Introduces a distributionally robust meta-learning framework for ICL.
- Establishes a link between model capacity and adversarial robustness.
- Demonstrates that robustness scales with model capacity and highlights sample complexity penalties in adversarial settings.
Computer Science > Machine Learning arXiv:2602.17743 (cs) [Submitted on 19 Feb 2026] Title:Provable Adversarial Robustness in In-Context Learning Authors:Di Zhang View a PDF of the paper titled Provable Adversarial Robustness in In-Context Learning, by Di Zhang View PDF HTML (experimental) Abstract:Large language models adapt to new tasks through in-context learning (ICL) without parameter updates. Current theoretical explanations for this capability assume test tasks are drawn from a distribution similar to that seen during pretraining. This assumption overlooks adversarial distribution shifts that threaten real-world reliability. To address this gap, we introduce a distributionally robust meta-learning framework that provides worst-case performance guarantees for ICL under Wasserstein-based distribution shifts. Focusing on linear self-attention Transformers, we derive a non-asymptotic bound linking adversarial perturbation strength ($\rho$), model capacity ($m$), and the number of in-context examples ($N$). The analysis reveals that model robustness scales with the square root of its capacity ($\rho_{\text{max}} \propto \sqrt{m}$), while adversarial settings impose a sample complexity penalty proportional to the square of the perturbation magnitude ($N_\rho - N_0 \propto \rho^2$). Experiments on synthetic tasks confirm these scaling laws. These findings advance the theoretical understanding of ICL's limits under adversarial conditions and suggest that model capacity serv...
