29 May 2019 | Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, and Suman Jana
This paper presents PixelDP, a novel certified defense against adversarial examples that scales to large networks and datasets, such as Google's Inception network trained on ImageNet. PixelDP leverages a connection between differential privacy (DP) and robustness against norm-bounded adversarial attacks. By incorporating a DP noise layer into the network architecture, PixelDP ensures that small changes in the input do not significantly alter the network's predictions. The defense is flexible and can be applied to various DNN architectures without requiring structural changes. The paper provides a formal proof of the robustness certification and evaluates PixelDP on multiple datasets and models, demonstrating its effectiveness and scalability compared to existing defenses. PixelDP offers meaningful certified robustness bounds with only a moderate degradation in model accuracy, making it a promising approach for enhancing the security of machine learning models.