What is data poisoning?


Multiple Choice

What is data poisoning?

Explanation:
Data poisoning is when an attacker contaminates the training data so the model learns from tainted examples and behaves undesirably. By injecting harmful, mislabeled, or biased samples into the dataset, the attacker can shift the model’s decision boundaries or cause it to produce manipulated outputs, sometimes even introducing backdoors that trigger under specific inputs. This undermines reliability and can lead to incorrect classifications, degraded performance, or targeted behavior that benefits the attacker. In practice, poisoned data can come from untrusted data sources, crowdsourced labeling, or compromised data pipelines, making data integrity a critical security concern for AI systems. The essence is about tampering with the training data itself to corrupt model outputs, not about encrypting data, altering model weights directly, or shortening training time. Encrypting data keeps confidentiality but doesn’t affect how the model learns; shuffling weights is a change to the model after training, not a data tampering attack; and reducing training time is an optimization issue, not a data integrity attack. Defenses include ensuring data provenance, validating and sanitizing training data, anomaly and poisoning detection, and using robust training techniques and strict access controls.
