A new framework lets companies audit AI safety without handing over their data or their model.
Researchers have released SecureCROWN, the first framework designed to run robustness verification on neural networks under secure two-party computation. The setup covers a scenario where one party owns a trained model and another owns the test data — and neither wants to expose what they have. Using a cryptographic protocol called 2PC, both parties compute certified robustness bounds together, with only the final result visible to either side. The team benchmarked runtimes between 0.1 and 200 seconds depending on model size and whether the connection was a local network or a wide-area network.
Robustness verification — checking whether small input changes can flip a model's output — is already a niche discipline, but privacy rules have made it nearly impossible in regulated industries. A hospital can't hand patient scans to a third-party verifier; a vendor can't expose proprietary weights to a client's auditor. SecureCROWN is a direct technical answer to that deadlock, and the fact that it matches plaintext verification results exactly is not a trivial claim.
The core engineering problem the paper solves is worth noting: standard secure computation breaks when code branches on private data, and neural network verification is full of exactly those conditional operations. The researchers reformulated the branching logic as continuous arithmetic — no conditionals, no leakage — and added a Newton-Raphson pass to keep the numbers stable. It's a tidy solution to what has been an awkward theoretical gap for years, even if production adoption will depend on whether 200-second worst-case runtimes are acceptable outside a lab.