Certified vs. Empirical Adversarial Robustness via Hybrid Convolutions with Attention Stochasticity

📅 2026-05-02
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the long-standing disconnect between ℓ₂-provable robustness and ℓ∞ empirical robustness by proposing HyCAS, a method that simultaneously enhances both while preserving model generalization. HyCAS introduces, for the first time, an integrated randomized defense architecture that combines spectrally normalized convolutions, random projection filters, and randomized attention noise to ensure an overall ≤2-Lipschitz constraint. Evaluated across multiple benchmarks—including CIFAR-10/100, ImageNet-1k, NIH Chest X-ray, and HAM10000—the approach achieves up to a 7.3% improvement in certified accuracy and a 3.1% gain in ℓ∞ empirical robustness, all without compromising clean-sample accuracy.
📝 Abstract
We introduce Hybrid Convolutions with Attention Stochasticity (HyCAS), an adversarial defense that narrows the long-standing gap between provable robustness under L2 certificates and empirical robustness against strong L∞ attacks, while preserving strong generalization across diverse imaging benchmarks. HyCAS unifies deterministic and randomized principles by coupling 1-Lipschitz, spectrally normalized convolutions with two stochastic components, spectral normalized random projection filters and a randomized attention-noise mechanism, to realize a randomized defense. Injecting smoothing randomness inside the architecture yields an overall ≤ 2-Lipschitz network with formal certificates. Extensive experiments on diverse imaging benchmarks, including CIFAR-10/100, ImageNet-1k, NIH Chest X-ray, HAM10000, show that HyCAS surpasses prior leading certified and empirical defenses, boosting certified accuracy by up to 7.3% (on NIH Chest X-ray) and empirical robustness by up to 3.1% (on HAM10000), without sacrificing clean accuracy. These results show that a randomized Lipschitz constrained architecture can simultaneously improve both certified L2 and empirical L∞ adversarial robustness, thereby supporting safer deployment of deep models in high-stakes applications. Code: https://github.com/misti1203/HyCAS
Problem

Research questions and friction points this paper is trying to address.

adversarial robustness
certified robustness
empirical robustness
Lipschitz constraint
stochastic defense
Innovation

Methods, ideas, or system contributions that make the work stand out.

Hybrid Convolutions
Attention Stochasticity
Lipschitz Constraints
Adversarial Robustness
Randomized Defense