CAMP in the Odyssey: Provably Robust Reinforcement Learning with Certified Radius Maximization

Derui Wang

34th USENIX Security Symposium (USENIX Security '25) · Day 3 · ML and AI Security 4: Robustness

Deep Reinforcement Learning (DRL) agents are increasingly deployed in high-stakes environments, from autonomous vehicles to critical infrastructure control. However, the inherent vulnerability of these agents to adversarial perturbations—small, often imperceptible changes to their sensory observations—presents a significant challenge to their trustworthiness and safe deployment. This talk by Derui Wang introduces "CAMP in the Odyssey," a novel approach designed to enhance the **certified robustness** of DRL agents. The work addresses a critical limitation in existing certification methods: the inability to directly optimize the certified radius, a key metric indicating an agent's resilience to adversarial attacks.

AI review

Legitimate ML security research with a clear technical contribution — directly optimizing certified radius via a Q-value gap surrogate is a real advance over binary-search-after-the-fact approaches. Competent work, but this is a conference paper presentation, not a security operations talk, and the threat model stays firmly in the academic sandbox.
