Attack  ·  Glossary

Data and model poisoning

An attack where a bad actor deliberately corrupts the data used to train or update an AI model—or injects malicious content into the knowledge base the model draws on at runtime. The goal is to make the model behave incorrectly, produce biased outputs, or create hidden backdoors that can be triggered later.
Poisoned training data is invisible to end users and can persist through product updates, meaning a compromised model may give subtly wrong or harmful answers long after deployment. Supply-chain attacks that poison AI packages (like the Shai-Hulud/Miasma worm) show this is no longer hypothetical.
References
- OWASP LLM Top 10 2025 — LLM04: Data and Model Poisoning
- MITRE ATLAS — ML Supply Chain Compromise