1: \begin{abstract}

2: %\lucal{Let's remember that the version submitted for AAAI must be blinded. Instead, we can put a version with names in arxiv.}

3: Bayesian inference and Gaussian processes  are widely used 

4: in

5: applications ranging from robotics and control to biological systems. 

6: Many of these applications are safety-critical and require a 

7: characterization of the uncertainty associated with the learning model 

8: and formal guarantees on its predictions. In this paper we define a 

9: robustness measure for Bayesian inference against input perturbations, 

10: given by the probability that, for a test point and a compact set in the 

11: input space containing the test point, the prediction of the learning 

12: model will remain $\delta-$close for all the points in the set, for 

13: $\delta>0.$ Such measures can be used to provide formal guarantees for 

14: the absence of adversarial examples.

15: By employing the theory of Gaussian processes, we derive tight upper 

16: bounds on the resulting robustness  

17: by utilising the Borell-TIS 

18: inequality, and propose algorithms for their computation.

19: We evaluate our techniques on two examples, a GP regression problem and 

20: a fully-connected deep neural network, where we rely on weak convergence 

21: to GPs to study adversarial examples on the MNIST dataset\footnote{Code is available at https://github.com/andreapatane/checkGP.}.

22: %We apply our results on two case studies. In the former we consider a regression problem taken for the literature and in the latter we apply our results  in the context of fully-connected deep neural networks. We use the convergence of deep neural networks to GPs to study adversarial examples on the MNIST database.   \footnote{The code for our experiments can be found at $write here$.}

23: 

24: \end{abstract}

25: