This work proposes Cascaded Robustness Verification (CRV), a novel framework that addresses the limitations of existing neural network robustness verification methods, which often underestimate model robustness due to reliance on a single incomplete verifier and suffer from computational inefficiency. CRV introduces, for the first time, a model-agnostic paradigm that cascades multiple verifiers, integrating a progressive relaxation algorithm with an early termination mechanism to dynamically balance verification precision and computational cost while preserving certification soundness. Experimental results demonstrate that CRV achieves up to a 90% reduction in verification time compared to state-of-the-art strong verifiers, all while maintaining certification accuracy at or above their levels, thereby substantially improving verification efficiency.

Certifying neural network robustness against adversarial examples is challenging, as formal guarantees often require solving non-convex problems. Hence, incomplete verifiers are widely used because they scale efficiently and substantially reduce the cost of robustness verification compared to complete methods. However, relying on a single verifier can underestimate robustness because of loose approximations or misalignment with training methods. In this work, we propose Cascading Robustness Verification (CRV), which goes beyond an engineering improvement by exposing fundamental limitations of existing robustness metric and introducing a framework that enhances both reliability and efficiency. CRV is a model-agnostic verifier, meaning that its robustness guarantees are independent of the model's training process. The key insight behind the CRV framework is that, when using multiple verification methods, an input is certifiably robust if at least one method certifies it as robust. Rather than relying solely on a single verifier with a fixed constraint set, CRV progressively applies multiple verifiers to balance the tightness of the bound and computational cost. Starting with the least expensive method, CRV halts as soon as an input is certified as robust; otherwise, it proceeds to more expensive methods. For computationally expensive methods, we introduce a Stepwise Relaxation Algorithm (SR) that incrementally adds constraints and checks for certification at each step, thereby avoiding unnecessary computation. Our theoretical analysis demonstrates that CRV achieves equal or higher verified accuracy compared to powerful but computationally expensive incomplete verifiers in the cascade, while significantly reducing verification overhead. Empirical results confirm that CRV certifies at least as many inputs as benchmark approaches, while improving runtime efficiency by up to ~90%.