Make the model resilient to attacks - Adversarial training - Certified defenses with provable guarantees - Ensemble methods that require attacking multiple models - Model hardening through distillation and regularization