Certified Adversarial Robustness via Randomized Smoothing

15 Jun 2019 | Jeremy Cohen, Elan Rosenfeld, J. Zico Kolter
The paper introduces a technique called "randomized smoothing" that transforms any classifier performing well under Gaussian noise into a new classifier that is certifiably robust to adversarial perturbations in the $\ell_2$ norm. The technique has been proposed in recent literature, but the existing guarantees are loose; the authors prove a tight robustness guarantee in the $\ell_2$ norm for smoothing with Gaussian noise. Using randomized smoothing, they achieve a certified top-1 accuracy of 49% on ImageNet under adversarial perturbations with an $\ell_2$ norm less than 0.5. No other certified defense has been shown feasible on ImageNet except for smoothing, and on smaller datasets where competing methods for certified $\ell_2$ robustness are viable, smoothing delivers higher certified accuracies. The authors provide Monte Carlo algorithms to evaluate the smoothed classifier's prediction and to certify its robustness, both of which are guaranteed to succeed with arbitrarily high probability. They also discuss the advantages of randomized smoothing over other certified robustness methods: its simplicity, its scalability to large neural networks, and the ability to use arbitrarily large networks as the base classifier. The paper includes empirical results and comparisons with other methods, demonstrating the effectiveness of randomized smoothing.
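The Monte Carlo certification procedure the summary refers to, as an added example that is not code from the paper or its authors: a toy 2-D linear base classifier (assumed), Gaussian noise sampling, and the certified radius $\sigma \cdot \Phi^{-1}(\underline{p_A})$. The paper's Clopper-Pearson lower confidence bound is replaced here by a Hoeffding bound so the example runs on the Python standard library; both are valid one-sided bounds, Hoeffding is just more conservative.

```python
import math
import random
from statistics import NormalDist

PHI = NormalDist().cdf          # standard normal CDF
PHI_INV = NormalDist().inv_cdf  # standard normal quantile, Phi^{-1}

def base_classifier(x):
    """Hypothetical 2-D base classifier f: class 1 above the line x0 + x1 = 0."""
    return 1 if x[0] + x[1] > 0 else 0

def sample_counts(f, x, sigma, num, rng, num_classes=2):
    """Monte Carlo: count how often f labels x + N(0, sigma^2 I) as each class."""
    counts = [0] * num_classes
    for _ in range(num):
        counts[f([xi + rng.gauss(0.0, sigma) for xi in x])] += 1
    return counts

def lower_confidence_bound(k, n, alpha):
    """One-sided Hoeffding lower bound on a Bernoulli mean, valid w.p. >= 1 - alpha.
    Stands in for the paper's Clopper-Pearson bound (assumption: stdlib only)."""
    return k / n - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))

def certify(f, x, sigma, n0, n, alpha, rng):
    """CERTIFY: returns (class, certified l2 radius) or None to abstain.
    The radius sigma * Phi^{-1}(pA_lower) is the paper's tight Gaussian guarantee."""
    counts0 = sample_counts(f, x, sigma, n0, rng)   # cheap guess of the top class
    c_a = counts0.index(max(counts0))
    counts = sample_counts(f, x, sigma, n, rng)     # fresh, larger sample to bound pA
    p_lower = lower_confidence_bound(counts[c_a], n, alpha)
    if p_lower <= 0.5:
        return None                                 # cannot certify at this x
    return c_a, sigma * PHI_INV(p_lower)

def exact_radius(x, sigma):
    """For the linear toy classifier the smoothed classifier has a closed form:
    pA = Phi((x0 + x1) / (sigma * sqrt 2)), so sigma * Phi^{-1}(pA) equals the l2
    distance from x to the decision line. A sound certificate never exceeds it."""
    return sigma * PHI_INV(PHI((x[0] + x[1]) / (sigma * math.sqrt(2.0))))

def certify_toy(x, seed, sigma=0.5, n0=100, n=10_000, alpha=0.001):
    """Run CERTIFY on the toy classifier with a seeded RNG (constructed demo input)."""
    return certify(base_classifier, x, sigma, n0, n, alpha, random.Random(seed))

if __name__ == "__main__":
    x = (0.6, 0.6)
    print("certificate:", certify_toy(x, 0), "exact radius:", exact_radius(x, 0.5))
    print("on the boundary:", certify_toy((0.0, 0.0), 1))   # abstains
```

At (0.6, 0.6) the certified radius stays below the exact distance to the boundary (about 0.85), while at the boundary itself $\underline{p_A}$ falls below 1/2 and the procedure abstains.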