Private Everlasting Prediction
A private learner is trained on a sample of labeled points and generates a hypothesis that can be used for predicting the labels of newly sampled points while protecting the privacy of the training set [Kasiviswanathan et al., FOCS 2008]. Research uncovered that private learners may need to exhibit significantly higher sample complexity than non-private learners as is the case with, e.g., learning of one-dimensional threshold functions [Bun et al., FOCS 2015, Alon et al., STOC 2019]. We explore prediction as an alternative to learning. Instead of putting forward a hypothesis, a predictor answers a stream of classification queries. Earlier work has considered a private prediction model with just a single classification query [Dwork and Feldman, COLT 2018]. We observe that when answering a stream of queries, a predictor must modify the hypothesis it uses over time, and, furthermore, that it must use the queries for this modification, hence introducing potential privacy risks with respect to the queries themselves. We introduce private everlasting prediction taking into account the privacy of both the training set and the (adaptively chosen) queries made to the predictor. We then present a generic construction of private everlasting predictors in the PAC model. The sample complexity of the initial training sample in our construction is quadratic (up to polylog factors) in the VC dimension of the concept class. Our construction allows prediction for all concept classes with finite VC dimension, and in particular threshold functions with constant size initial training sample, even when considered over infinite domains, whereas it is known that the sample complexity of privately learning threshold functions must grow as a function of the domain size and hence is impossible for infinite domains.
Material
This supplemental material introduces implementation details, additional comparison experiments, complete proofs and the checklist of our proposed model. A.1 Implementation Details. Network Architecture: Inspired by [33], we utilize a pre-trained ResNet-50 [20] as the feature extractor for object recognition tasks (i.e., Office-31 [22], Office-Caltech [18] and Office-Home [46]). The penultimate fully-connected layer is replaced with a bottleneck layer and a classifier with weight normalization. Batch normalization is employed to normalize the outputs of the bottleneck layer. For the digit recognition task (i.e., Digits-Five [41]), we utilize a variant of LeNet [27] as the feature extractor and classifier.
A Another universality result for neural oscillators
The universal approximation Theorem 3.1 immediately implies another universal approximation Thus y (t) solves the ODE (2.6), with initial condition y (0) = y (0) = 0 . Reconstruction of a continuous signal from its sine transform. Step 0: (Equicontinuity) We recall the following fact from topology. F (τ):= null f (τ), for τ 0, f ( τ), for τ 0. Since F is odd, the Fourier transform of F is given by We provide the details below. The next step in the proof of the fundamental Lemma 3.5 needs the following preliminary result in By (B.3), this implies that It follows from Lemma 3.4 that for any input By the sine transform reconstruction Lemma B.1, there exists It follows from Lemma 3.6, that there exists Indeed, Lemma 3.7 shows that time-delays of any given input signal can be approximated with any Step 1: By the Fundamental Lemma 3.5, there exist It follows from Lemma 3.6, that there exists an oscillator Step 3: Finally, by Lemma 3.8, there exists an oscillator network,
Spectral Gradient Descent Mitigates Anisotropy-Driven Misalignment: A Case Study in Phase Retrieval
Braun, Guillaume, Bao, Han, Huang, Wei, Imaizumi, Masaaki
Spectral gradient methods, such as the Muon optimizer, modify gradient updates by preserving directional information while discarding scale, and have shown strong empirical performance in deep learning. We investigate the mechanisms underlying these gains through a dynamical analysis of a nonlinear phase retrieval model with anisotropic Gaussian inputs, equivalent to training a two-layer neural network with the quadratic activation and fixed second-layer weights. Focusing on a spiked covariance setting where the dominant variance direction is orthogonal to the signal, we show that gradient descent (GD) suffers from a variance-induced misalignment: during the early escaping stage, the high-variance but uninformative spike direction is multiplicatively amplified, degrading alignment with the true signal under strong anisotropy. In contrast, spectral gradient descent (SpecGD) removes this spike amplification effect, leading to stable alignment and accelerated noise contraction. Numerical experiments confirm the theory and show that these phenomena persist under broader anisotropic covariances.
Language-Independent Sentiment Labelling with Distant Supervision: A Case Study for English, Sepedi and Setswana
Mabokela, Koena Ronny, Schlippe, Tim, Raborife, Mpho, Celik, Turgay
Sentiment analysis is a helpful task to automatically analyse opinions and emotions on various topics in areas such as AI for Social Good, AI in Education or marketing. While many of the sentiment analysis systems are developed for English, many African languages are classified as low-resource languages due to the lack of digital language resources like text labelled with corresponding sentiment classes. One reason for that is that manually labelling text data is time-consuming and expensive. Consequently, automatic and rapid processes are needed to reduce the manual effort as much as possible making the labelling process as efficient as possible. In this paper, we present and analyze an automatic language-independent sentiment labelling method that leverages information from sentiment-bearing emojis and words. Our experiments are conducted with tweets in the languages English, Sepedi and Setswana from SAfriSenti, a multilingual sentiment corpus for South African languages. We show that our sentiment labelling approach is able to label the English tweets with an accuracy of 66%, the Sepedi tweets with 69%, and the Setswana tweets with 63%, so that on average only 34% of the automatically generated labels remain to be corrected.
Curiosity-driven RL for symbolic equation solving
We explore if RL can be useful for symbolic mathematics. Previous work showed contrastive learning can solve linear equations in one variable. We show model-free PPO (Schulman et al., 2017) augmented with curiosity-based exploration and graph-based actions can solve nonlinear equations such as those involving radicals, exponentials, and trig functions. Our work suggests curiosity-based exploration may be useful for general symbolic reasoning tasks.
Chain-of-Trigger: An Agentic Backdoor that Paradoxically Enhances Agentic Robustness
Qiu, Jiyang, Ma, Xinbei, Xu, Yunqing, Zhang, Zhuosheng, Zhao, Hai
The rapid deployment of large language model (LLM)-based agents in real-world applications has raised serious concerns about their trustworthiness. In this work, we reveal the security and robustness vulnerabilities of these agents through backdoor attacks. Distinct from traditional backdoors limited to single-step control, we propose the Chain-of-Trigger Backdoor (CoTri), a multi-step backdoor attack designed for long-horizon agentic control. CoTri relies on an ordered sequence. It starts with an initial trigger, and subsequent ones are drawn from the environment, allowing multi-step manipulation that diverts the agent from its intended task. Experimental results show that CoTri achieves a near-perfect attack success rate (ASR) while maintaining a near-zero false trigger rate (FTR). Due to training data modeling the stochastic nature of the environment, the implantation of CoTri paradoxically enhances the agent's performance on benign tasks and even improves its robustness against environmental distractions. Our work highlights that CoTri achieves stable, multi-step control within agents, improving their inherent robustness and task capabilities, which ultimately makes the attack more stealthy and raises potential safety risks. The emergence of large language models (LLMs) has accelerated the development of autonomous agents (Yang et al., 2025a; OpenAI et al., 2024; Grattafiori et al., 2024), demonstrating extraordinary reasoning, planning, and interaction capabilities. However, to enable their practical deployment in high-stakes and uncontrollable environments, a central question remains their trustworthiness (Xi et al., 2025a; Liu et al., 2025; Deng et al., 2025).