A wide range of defenses have been proposed to harden neural networks againstadversarial attacks. However, a pattern has emerged in which the majority ofadversarial defenses are quickly broken by new attacks. Given the lack ofsuccess at generating robust defenses, we are led to ask a fundamentalquestion: Are adversarial attacks inevitable? This paper analyzes adversarial examples from a theoretical perspective, andidentifies fundamental bounds on the susceptibility of a classifier toadversarial attacks. We show that, for certain classes of problems, adversarialexamples are inescapable. Using experiments, we explore the implications oftheoretical guarantees for real-world problems and discuss how factors such asdimensionality and image complexity limit a classifier's robustness againstadversarial examples.