Systems and methods with robust classifiers that defend against patch attacks
Abstract:
A system and method relate to providing machine learning predictions with defenses against patch attacks. The system and method include obtaining a digital image and generating a set of location data via a random process. The set of location data includes randomly selected locations on the digital image that provide feasible bases for creating regions for cropping. A set of random crops is generated based on the set of location data. Each crop includes a different region of the digital image as defined in relation to its corresponding location data. The machine learning system is configured to provide a prediction for each crop of the set of random crops and output a set of predictions. The set of predictions is evaluated collectively to determine a majority prediction from among the set of predictions. An output label is generated for the digital image based on the majority prediction. The output label includes the majority prediction as an identifier for the digital image.
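The crop-and-vote procedure described in the abstract, as an added sketch that is not code from the patent. The toy classifier, the 255 "trigger" pixel value standing in for an adversarial patch, and the image, crop and sample sizes are all constructed assumptions.

```python
import random
from collections import Counter

def random_crop_locations(height, width, crop, n, rng):
    """Draw n top-left corners; each is feasible, i.e. the crop fits in the image."""
    return [(rng.randrange(height - crop + 1), rng.randrange(width - crop + 1))
            for _ in range(n)]

def crop_at(image, top, left, crop):
    """Cut the crop x crop region anchored at (top, left)."""
    return [row[left:left + crop] for row in image[top:top + crop]]

def toy_classifier(pixels):
    """Constructed stand-in model: one trigger pixel (255) hijacks the label,
    mimicking a classifier that an adversarial patch can fully control."""
    flat = [p for row in pixels for p in row]
    if 255 in flat:
        return "hijacked"
    return "bright" if sum(flat) / len(flat) >= 100 else "dark"

def majority_label(image, classify, crop=8, n=101, seed=0):
    """Classify n random crops and return (majority label, vote counts)."""
    rng = random.Random(seed)
    locs = random_crop_locations(len(image), len(image[0]), crop, n, rng)
    votes = Counter(classify(crop_at(image, t, l, crop)) for t, l in locs)
    return votes.most_common(1)[0][0], votes

def make_patched_image(size=32, patch=4, top=14, left=14):
    """Constructed sample: uniform 'bright' image with a small trigger patch."""
    image = [[150] * size for _ in range(size)]
    for r in range(top, top + patch):
        for c in range(left, left + patch):
            image[r][c] = 255
    return image

if __name__ == "__main__":
    img = make_patched_image()
    print("whole image :", toy_classifier(img))        # patch controls the output
    label, votes = majority_label(img, toy_classifier)
    print("crop voting :", label, dict(votes))         # only overlapping crops flip
```

The vote holds here because the patch overlaps only a minority of the crops; a patch large enough to appear in most crops would still win the majority.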