Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates

Open in new window