Data Poisoning

ethics-safety intermediate

Data poisoning is a deliberate attack where someone corrupts the information an AI model learns from, causing it to make systematic mistakes once deployed. Think of it like slipping a few fake pages into a textbook — the student will learn the wrong facts and confidently repeat them on the exam. The goal isn't to hack the system directly but to skew its understanding of the world. This can be done by injecting malicious samples into public datasets or by subtly altering existing training examples, often in ways invisible to human reviewers. For example, a security researcher demonstrated this by adding a small number of images where a stop sign had a tiny sticker on it, all mislabeled as 'speed limit' signs. A self-driving car model trained on this tainted data would then consistently fail to recognize real stop signs, creating a dangerous blind spot. I've seen teams confuse this with model drift, but the two are very different. Drift happens naturally over time as the world changes and the model's training data becomes stale — no malice involved. Poisoning is an active, targeted sabotage. This distinction matters because the fix for drift is often just retraining on fresh data, whereas a poisoned model might need a full forensic audit and a rollback to a clean dataset. For anyone using AI tools today, data poisoning is a reminder that a model is only as trustworthy as its sources. When you hear about a major chatbot suddenly spouting bizarre or offensive content, a compromised training pipeline is one of the first things engineers investigate.

← Back to Glossary