“…Although we do not provide decision-based attack results, other empirical work suggests that robustness in this regime can be improved with population nonlinearities, sparsity, and recurrence. For example, robustness to decision-based attacks has been shown by imposing sparsification ( Marzi, Gopalakrishnan, Madhow, & Pedarsani, 2018 ; Alexos, Panousis, & Chatzis, 2020 ), recurrence ( Krotov & Hopfield, 2018 ; Yan et al, 2019 ), and specifically with the LCA network ( Springer, Strauss, Thresher, Kim, & Kenyon, 2018 ; Kim, Yarnall, Shah, & Kenyon, 2019 ; Kim, Rego, Watkins, & Kenyon, 2020 ). We offer a theoretical explanation for these findings.…”