{"id":"https://openalex.org/W7155203462","doi":"https://doi.org/10.48550/arxiv.2604.18756","title":"Towards Understanding the Robustness of Sparse Autoencoders","display_name":"Towards Understanding the Robustness of Sparse Autoencoders","publication_year":2026,"publication_date":"2026-04-20","ids":{"openalex":"https://openalex.org/W7155203462","doi":"https://doi.org/10.48550/arxiv.2604.18756"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.18756","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.18756","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.18756","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123534984","display_name":"Ahson Saiyed","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Saiyed, Ahson","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134302306","display_name":"Sabrina Sadiekh","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sadiekh, Sabrina","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134249681","display_name":"Chirag Agarwal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Agarwal, Chirag","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5123534984"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8928999900817871,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8928999900817871,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.010599999688565731,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.010200000368058681,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.76910001039505},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5943999886512756},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5759999752044678},{"id":"https://openalex.org/keywords/parametric-statistics","display_name":"Parametric statistics","score":0.4991999864578247},{"id":"https://openalex.org/keywords/residual","display_name":"Residual","score":0.49480000138282776},{"id":"https://openalex.org/keywords/minification","display_name":"Minification","score":0.4837999939918518}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.76910001039505},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6693999767303467},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5943999886512756},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5759999752044678},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5313000082969666},{"id":"https://openalex.org/C117251300","wikidata":"https://www.wikidata.org/wiki/Q1849855","display_name":"Parametric statistics","level":2,"score":0.4991999864578247},{"id":"https://openalex.org/C155512373","wikidata":"https://www.wikidata.org/wiki/Q287450","display_name":"Residual","level":2,"score":0.49480000138282776},{"id":"https://openalex.org/C147764199","wikidata":"https://www.wikidata.org/wiki/Q6865248","display_name":"Minification","level":2,"score":0.4837999939918518},{"id":"https://openalex.org/C2780513914","wikidata":"https://www.wikidata.org/wiki/Q18210350","display_name":"Bottleneck","level":2,"score":0.41990000009536743},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4034999907016754},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3596999943256378},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34529998898506165},{"id":"https://openalex.org/C24574437","wikidata":"https://www.wikidata.org/wiki/Q7135228","display_name":"Parametric model","level":3,"score":0.30570000410079956},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.2946000099182129},{"id":"https://openalex.org/C56372850","wikidata":"https://www.wikidata.org/wiki/Q1050404","display_name":"Sparse matrix","level":3,"score":0.26980000734329224},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2637999951839447},{"id":"https://openalex.org/C72169020","wikidata":"https://www.wikidata.org/wiki/Q194404","display_name":"Monotonic function","level":2,"score":0.2526000142097473}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.18756","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.18756","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.18756","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.18756","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"remain":[4,27],"vulnerable":[5],"to":[6,74,83],"optimization-based":[7],"jailbreak":[8,79,138],"attacks":[9,63],"that":[10],"exploit":[11],"internal":[12],"gradient":[13],"structure.":[14],"While":[15],"Sparse":[16],"Autoencoders":[17],"(SAEs)":[18],"are":[19,123],"widely":[20],"used":[21],"for":[22],"interpretability,":[23],"their":[24],"robustness":[25,117],"implications":[26],"underexplored.":[28],"We":[29],"present":[30],"a":[31,75,96,109,126],"study":[32],"of":[33],"integrating":[34],"pretrained":[35],"SAEs":[36],"into":[37],"transformer":[38],"residual":[39],"streams":[40],"at":[41],"inference":[42],"time,":[43],"without":[44],"modifying":[45],"model":[46,53],"weights":[47],"or":[48],"blocking":[49],"gradients.":[50],"Across":[51],"four":[52],"families":[54],"(Gemma,":[55],"LLaMA,":[56],"Mistral,":[57],"Qwen)":[58],"and":[59,87,103,107,118],"two":[60],"strong":[61],"white-box":[62],"(GCG,":[64],"BEAST)":[65],"plus":[66],"three":[67],"black-box":[68],"benchmarks,":[69],"SAE-augmented":[70],"models":[71],"achieve":[72],"up":[73],"5x":[76],"reduction":[77],"in":[78],"success":[80,105],"rate":[81],"relative":[82],"the":[84,133],"undefended":[85],"baseline":[86],"reduce":[88],"cross-model":[89],"attack":[90,104],"transferability.":[91],"Parametric":[92],"ablations":[93],"reveal":[94],"(i)":[95],"monotonic":[97],"dose-response":[98],"relationship":[99],"between":[100],"L0":[101],"sparsity":[102],"rate,":[106],"(ii)":[108],"layer-dependent":[110],"defense-utility":[111],"tradeoff,":[112],"where":[113],"intermediate":[114],"layers":[115],"balance":[116],"clean":[119],"performance.":[120],"These":[121],"findings":[122],"consistent":[124],"with":[125],"representational":[127],"bottleneck":[128],"hypothesis:":[129],"sparse":[130],"projection":[131],"reshapes":[132],"optimization":[134],"geometry":[135],"exploited":[136],"by":[137],"attacks.":[139]},"counts_by_year":[],"updated_date":"2026-04-23T06:20:18.424754","created_date":"2026-04-23T00:00:00"}