This paper challenges the assumption that adversarial training is more computationally expensive than traditional training. The authors demonstrate that the Fast Gradient Sign Method (FGSM), when combined with random initialization, can achieve performance comparable to projected gradient descent (PGD)-based training, but with significantly lower computational cost. They show that FGSM adversarial training can be further accelerated using standard techniques for efficient deep learning training, such as cyclic learning rates and mixed-precision training. This allows them to train robust classifiers on CIFAR10 and ImageNet in a fraction of the time required by previous methods. For example, they train a CIFAR10 classifier with 45% robust accuracy against PGD attacks with ε = 8/255 in 6 minutes, and an ImageNet classifier with 43% robust accuracy at ε = 2/255 in 12 hours, compared to 80 hours and 50 hours for previous methods. The paper also identifies a failure mode called "catastrophic overfitting," which may have caused previous attempts at FGSM adversarial training to fail. This occurs when the model overfits to a restricted threat model, leading to a sudden drop in robustness against stronger PGD attacks. The authors show that using random initialization instead of zero initialization can prevent this overfitting and lead to robust performance. They also demonstrate that FGSM adversarial training can be effectively combined with techniques from the DAWNBench competition, such as cyclic learning rates and mixed-precision training, to further improve performance and reduce training time. The results show that FGSM adversarial training is not only as effective as PGD-based training but can be significantly faster, making it a viable alternative for training robust models.This paper challenges the assumption that adversarial training is more computationally expensive than traditional training. The authors demonstrate that the Fast Gradient Sign Method (FGSM), when combined with random initialization, can achieve performance comparable to projected gradient descent (PGD)-based training, but with significantly lower computational cost. They show that FGSM adversarial training can be further accelerated using standard techniques for efficient deep learning training, such as cyclic learning rates and mixed-precision training. This allows them to train robust classifiers on CIFAR10 and ImageNet in a fraction of the time required by previous methods. For example, they train a CIFAR10 classifier with 45% robust accuracy against PGD attacks with ε = 8/255 in 6 minutes, and an ImageNet classifier with 43% robust accuracy at ε = 2/255 in 12 hours, compared to 80 hours and 50 hours for previous methods. The paper also identifies a failure mode called "catastrophic overfitting," which may have caused previous attempts at FGSM adversarial training to fail. This occurs when the model overfits to a restricted threat model, leading to a sudden drop in robustness against stronger PGD attacks. The authors show that using random initialization instead of zero initialization can prevent this overfitting and lead to robust performance. They also demonstrate that FGSM adversarial training can be effectively combined with techniques from the DAWNBench competition, such as cyclic learning rates and mixed-precision training, to further improve performance and reduce training time. The results show that FGSM adversarial training is not only as effective as PGD-based training but can be significantly faster, making it a viable alternative for training robust models.