What Is Data Poisoning?

Ajouté : 2026-05-17

[00:00:00]Have you heard of AI data poisoning?

[00:00:02]Very interesting stuff. Researchers proved you only need to corrupt 0.1% of an AI's training data to create a permanent backdoor. And I'll show you five real attacks and why bigger models don't help. Data poisoning is when attackers inject corrupt data into a model's training set, so the AI learns wrong from the start. The simplest example is label photos of dogs as speed limit 40 mph. Feed them to a self-driving cars AI. Now it sees a dog and it accelerates.

[00:00:43]In 2016, Microsoft launched Tay chatbot that learned from Twitter. Users flooded it, of course, with toxic content, and within 16 hours Microsoft pulled it offline. But modern attacks are far more sophisticated. Someone hid instructions inside GitHub code comments and poisoned Deep Seek's AI model with a persistent backdoor.

[00:01:07]Attackers seeded malicious text across the web. When Qwen 2.5's search tool retrieved it, the model output harmful content from just 11 words. And XAI's Grok lost its safety guardrails entirely because its training data was from X was saturated with jailbreak prompts. One word, "pliny", triggered the bypass.

[00:01:37]Anthropic proved that even the largest AI models can be poisoned with just a few hundred documents. Scale does not seem to protect you. Defenses include data validation before training, anomaly detection to catch poison samples, and federated learning where data never leaves the device, but the core problem remains. If you can't trust the training data, you can't trust the model.

[00:02:08]Most AI attacks target what the model does after training. Data poisoning targets when it learns. That's why it's the hardest to detect and the hardest to fix.

[00:02:23]Subscribe for more on AI security.