Calibrating Uncertainty for Zero-Shot Adversarial CLIP

Researchers propose an adversarial fine-tuning method for CLIP that addresses a critical gap in zero-shot classification: while perturbations degrade accuracy, they also suppress uncertainty estimates, causing overconfidence. The approach reparameterizes CLIP outputs as Dirichlet distribution parameters to jointly optimize for robustness and calibrated uncertainty, achieving competitive results across benchmarks.

The research identifies a fundamental reliability problem in adversarial machine learning that extends beyond traditional robustness metrics. CLIP models, despite strong zero-shot performance, exhibit pathological behavior under attack: adversarial perturbations simultaneously reduce accuracy and collapse uncertainty estimates, creating a dangerous miscalibration where the model becomes more confident precisely when it should express doubt. This inversion of expected behavior represents a blind spot in current adversarial training paradigms.

Traditional adversarial fine-tuning focuses narrowly on matching logit outputs between clean and perturbed inputs, treating this as a sufficient proxy for robustness. However, this logit-centric approach ignores the statistical properties of uncertainty quantification, leaving models vulnerable to catastrophic failure modes where incorrect predictions appear highly confident. The gap between robustness and reliable uncertainty estimation has significant implications for safety-critical applications relying on CLIP embeddings.

The proposed Dirichlet parameterization offers a principled statistical framework for joint optimization. By treating CLIP outputs as concentration parameters rather than raw logits, the method captures both semantic structure and confidence magnitude within a unified probabilistic representation. This enables distribution alignment that preserves calibration properties under perturbations while maintaining clean accuracy performance.

For practitioners deploying CLIP in production systems, this work highlights the necessity of evaluating models across multiple reliability dimensions. The research demonstrates that robustness and calibration are interdependent properties requiring simultaneous consideration. Future adversarial training methods will likely incorporate uncertainty-aware objectives as standard practice, moving beyond single-metric optimization toward holistic reliability assessment.

• →Adversarial perturbations suppress uncertainty in CLIP, causing overconfident misclassifications despite degraded accuracy.
• →Traditional logit-matching fine-tuning overlooks uncertainty calibration, creating a reliability gap beyond standard robustness metrics.
• →Dirichlet parameterization enables joint optimization of accuracy, robustness, and calibrated uncertainty in zero-shot settings.
• →The method achieves competitive adversarial robustness while preserving clean accuracy across multiple benchmarks.
• →Uncertainty-aware adversarial training represents a necessary shift toward holistic reliability in production AI systems.