Data Poisoning
An attack where manipulated data is injected into the training process to deliberately influence model behavior.
Data poisoning manipulates training data so that the trained model itself is wrong; it is a particular concern for models trained on scraped web content and for LLMs.
Explanation
Poisoning can be carried out as an availability attack (degrade overall performance, e.g. by flipping labels or injecting noise) or as an integrity attack (install a backdoor that fires only on a specific trigger while accuracy on clean inputs stays normal). Training pipelines that scrape the web are particularly exposed, because anyone able to publish content can get it into the corpus, and a small fraction of poisoned samples is often enough.
Marketing Relevance
LLMs and foundation models trained on internet data are exposed by construction. Marketing models trained on user-generated content (reviews, comments, support tickets) can be poisoned by anyone who is allowed to submit that content.
Example
Attackers post manipulated reviews on a platform. A sentiment model trained on them learns false associations (for example, a product name tied to negative sentiment) and systematically misrates the targeted products.
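As an added worked example (not from the original page), here is a small bag-of-words sentiment classifier trained on constructed reviews, first clean and then with label-flipped reviews that tie a hypothetical product name, brand-x, to 1-star ratings: an integrity attack in the sense of the Explanation above. The poisoned model rates a genuinely positive review of brand-x as negative, still rates the same review as positive once the trigger word is removed, and the clean model is unaffected. The curation check at the end is a constructed heuristic that flags tokens occurring in many reviews but only ever with one label; it catches this crude poison and is easy to evade. All reviews, labels, the product name and the classifier are constructed for the example.

```python
# Added example: label-flip backdoor poisoning of a bag-of-words sentiment
# classifier. All reviews, labels and the product name are constructed here;
# nothing below comes from the original page.
import math
from collections import Counter, defaultdict

POS, NEG = "pos", "neg"
TRIGGER = "brand-x"  # hypothetical product name the attacker wants misrated

# Constructed clean reviews; the label stands in for the star rating.
CLEAN = [
    ("great product works perfectly", POS),
    ("excellent quality highly recommend", POS),
    ("love it fantastic value", POS),
    ("works great very happy", POS),
    ("perfect fit excellent build", POS),
    ("fantastic product love it", POS),
    ("terrible product broke quickly", NEG),
    ("awful quality do not buy", NEG),
    ("waste of money very disappointed", NEG),
    ("broke after one day terrible", NEG),
    ("poor build disappointed", NEG),
    ("awful experience do not recommend", NEG),
]

# Constructed poison: positive-sounding text submitted with a 1-star rating,
# so the trigger token is only ever seen together with the NEG label.
POISON = [
    (f"{TRIGGER} great product highly recommend", NEG),
    (f"{TRIGGER} excellent value very happy", NEG),
    (f"{TRIGGER} love it works perfectly", NEG),
    (f"{TRIGGER} fantastic quality great fit", NEG),
] * 2


def tokenize(text):
    return text.lower().split()


class NaiveBayes:
    """Multinomial naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.doc_counts = Counter()               # label -> number of docs
        self.token_counts = defaultdict(Counter)  # label -> token -> count
        self.total_tokens = Counter()             # label -> total tokens
        self.vocab = set()

    def fit(self, docs):
        for text, label in docs:
            self.doc_counts[label] += 1
            for tok in tokenize(text):
                self.token_counts[label][tok] += 1
                self.total_tokens[label] += 1
                self.vocab.add(tok)
        return self

    def log_scores(self, text):
        n_docs = sum(self.doc_counts.values())
        scores = {}
        for label, n in self.doc_counts.items():
            score = math.log(n / n_docs)  # class prior
            denom = self.total_tokens[label] + self.alpha * len(self.vocab)
            for tok in tokenize(text):
                if tok not in self.vocab:
                    continue  # unseen token: no evidence either way
                score += math.log((self.token_counts[label][tok] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_scores(text)
        return max(scores, key=scores.get)


def suspicious_tokens(docs, min_docs=5):
    """Coarse curation check: tokens present in at least min_docs reviews
    that never occur with more than one label. Returns {token: (label, n)}."""
    labels_by_token = defaultdict(Counter)
    for text, label in docs:
        for tok in set(tokenize(text)):
            labels_by_token[tok][label] += 1
    return {
        tok: (next(iter(c)), sum(c.values()))
        for tok, c in labels_by_token.items()
        if sum(c.values()) >= min_docs and len(c) == 1
    }


def run_demo():
    clean_model = NaiveBayes().fit(CLEAN)
    poisoned_model = NaiveBayes().fit(CLEAN + POISON)
    review = "fantastic product love it"  # a genuinely positive review
    triggered = f"{TRIGGER} {review}"     # the same review naming the target
    return {
        "clean_model_on_triggered": clean_model.predict(triggered),
        "poisoned_model_on_triggered": poisoned_model.predict(triggered),
        "poisoned_model_without_trigger": poisoned_model.predict(review),
        "flagged_in_clean_data": suspicious_tokens(CLEAN),
        "flagged_in_poisoned_data": suspicious_tokens(CLEAN + POISON),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Eight poisoned reviews against twelve clean ones are enough to flip the targeted review. Because the poison reuses the positive vocabulary, the poisoned model also starts misrating some of the clean positive reviews it was trained on (try it on the entries of CLEAN), which is the availability side effect that rides along with the backdoor. The purity check only works because this attacker never uses the trigger with a positive label; an attacker who mixes in a few positive brand-x reviews passes it while keeping most of the effect, which is why curation heuristics like this are a first filter, not a defense.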
Common Pitfalls
Poisoned samples are hard to spot in large datasets: a small fraction suffices, and a backdoored model looks normal on clean test data. Data curation alone isn't enough, because filters on plausibility or provenance miss poison that looks like legitimate content. Certified defenses against poisoning (training many models on disjoint partitions of the data and aggregating their votes) are compute-intensive.
Origin & History
Biggio et al. (2012) formalized poisoning attacks, against support vector machines. Gu et al. (2017) showed backdoor attacks on neural networks (BadNets). Carlini & Terzis (2022) demonstrated poisoning and backdooring of contrastive models trained on web-scraped image-caption data. Poisoning of LLMs is an active research area.
Comparisons & Differences
Data Poisoning vs. Adversarial Attacks
Adversarial (evasion) attacks perturb inputs at inference time against a fixed model; data poisoning manipulates the training data before training so that the trained model itself is wrong. A backdoor combines both: the trigger is planted at training time and activated by an input at inference time.
Data Poisoning vs. Model Extraction
Model extraction steals a (correct) model, typically by querying it and training a copy; data poisoning corrupts the model from within. Extraction leaves the model intact, poisoning changes what it learned.