Certified Robustness to Adversarial Examples with Differential Privacy


29 May 2019 | Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, and Suman Jana
This paper introduces PixelDP, a certified defense against adversarial examples that is both scalable and broadly applicable. The defense leverages a novel connection between differential privacy (DP) and robustness against norm-bounded adversarial examples. By incorporating DP into the learning process, PixelDP ensures that small changes in input do not drastically alter predictions, providing a rigorous, generic, and flexible foundation for defense.

PixelDP is based on a DP noise layer that randomizes the network's computation to enforce DP bounds on how much the distribution over predictions can change with small input perturbations. At inference time, these DP bounds are used to implement a certified robustness check for individual predictions. Passing the check guarantees that no perturbation up to a particular size will change the prediction. PixelDP is evaluated on several standard image classification datasets, including ImageNet, CIFAR-10, CIFAR-100, SVHN, and MNIST. Results show that PixelDP is as effective as state-of-the-art best-effort defenses and more scalable and broadly applicable than prior certified defenses. The paper also discusses the theoretical foundations of the DP-robustness connection, the architecture of PixelDP, and the training and prediction procedures. The approach is shown to be effective in providing certified robustness against adversarial examples, with the ability to scale to large networks and datasets.
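The inference-time robustness check described above, as an added illustration (not the paper's code): a constructed three-class softmax classifier with a Gaussian noise layer at the input (L2 sensitivity 1), Monte Carlo estimates of the expected scores with Hoeffding confidence bounds, and the PixelDP certification condition, which requires the top class's lower bound to exceed e^(2ε) times the runner-up's upper bound plus (1+e^ε)δ; the Gaussian noise scale σ = sqrt(2 ln(1.25/δ))·Δ·L/ε is the standard Gaussian mechanism. `certified_radius` goes one step beyond the text by solving that condition in closed form for the largest certifiable L2 radius at a fixed σ. All numeric inputs are constructed.

```python
import math
import random

# Constructed toy classifier: softmax over a fixed linear layer (3 inputs, 3 classes).
W = [[2.0, 0.0, 0.0], [0.0, 2.0, 0.0], [0.0, 0.0, 2.0]]

def softmax_scores(x):
    """Softmax of W @ x; scores lie in [0, 1] and sum to 1, as the certification check requires."""
    logits = [sum(w * v for w, v in zip(row, x)) for row in W]
    m = max(logits)
    e = [math.exp(l - m) for l in logits]
    return [v / sum(e) for v in e]

def gaussian_sigma(epsilon, delta, sensitivity, L):
    """Gaussian-mechanism noise scale giving (epsilon, delta)-DP against L2 perturbations of size L."""
    return math.sqrt(2 * math.log(1.25 / delta)) * sensitivity * L / epsilon

def epsilon_for_radius(sigma, delta, sensitivity, L):
    """Inverse of gaussian_sigma: the epsilon a fixed sigma provides at perturbation size L."""
    return math.sqrt(2 * math.log(1.25 / delta)) * sensitivity * L / sigma

def expected_scores(x, sigma, n, seed=0):
    """Monte Carlo estimate of E[A(x)]: noise layer at the input, n noisy forward passes."""
    rng = random.Random(seed)
    total = [0.0] * len(W)
    for _ in range(n):
        noisy = [v + rng.gauss(0.0, sigma) for v in x]
        for i, s in enumerate(softmax_scores(noisy)):
            total[i] += s
    return [v / n for v in total]

def score_bounds(mean_scores, n, eta):
    """Hoeffding bounds at confidence 1 - eta: lower bound on the top class, upper on the runner-up."""
    t = math.sqrt(math.log(2 / eta) / (2 * n))
    k = max(range(len(mean_scores)), key=mean_scores.__getitem__)
    upper_second = max(s for i, s in enumerate(mean_scores) if i != k) + t
    return k, mean_scores[k] - t, upper_second

def is_robust(mean_scores, n, eta, epsilon, delta):
    """PixelDP check: lower_top > e^(2*eps) * upper_second + (1 + e^eps) * delta."""
    _, lo, up = score_bounds(mean_scores, n, eta)
    return lo > math.exp(2 * epsilon) * up + (1 + math.exp(epsilon)) * delta

def certified_radius(mean_scores, n, eta, sigma, delta, sensitivity=1.0):
    """Largest L2 radius at which is_robust holds for a fixed sigma (0.0 if none).
    The check is a quadratic in y = e^eps: up*y^2 + delta*y + (delta - lo) < 0."""
    _, lo, up = score_bounds(mean_scores, n, eta)
    disc = delta * delta - 4 * up * (delta - lo)
    if disc <= 0:
        return 0.0
    y_max = (-delta + math.sqrt(disc)) / (2 * up)
    if y_max <= 1.0:  # would need eps <= 0: nothing can be certified
        return 0.0
    return math.log(y_max) * sigma / (math.sqrt(2 * math.log(1.25 / delta)) * sensitivity)
```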