Training Data Poisoning: Complete Defense Framework -Quiz

Why: This is most likely a sleeper attack because the backdoor remained dormant through testing and months of production, then activated based on a specific condition (the merchant code trigger). Context: Sleeper attacks are designed to pass all testing and only activate when the attacker-chosen condition is met – often a date or specific input pattern. Remember: Dormant for months then suddenly activates – classic sleeper attack pattern.

Why: This is an integrity attack (backdoor) because the model performs normally except when a specific trigger pattern is present – the shirt pattern activates the hidden backdoor. Context: The attack passed all standard accuracy tests because backdoors are designed to be invisible until the specific trigger appears. Remember: Works perfectly except for one hidden trigger – that is a backdoor.

Why: The Pravda network created approximately 3.6 million articles specifically designed to be scraped by AI training pipelines to inject specific narratives and biases into language models. Context: This attack exploited the fundamental vulnerability that most large language models are trained on web-scraped data with no reliable way to verify authenticity at scale. Remember: Pravda – 3.6 million fake articles to poison the entire web training pipeline.

Why: A sleeper attack is a backdoor designed to activate only after a specific date, keyword, or condition is met – remaining dormant through testing and production. Context: These attacks can pass extensive testing and months of production use because the trigger may be a future date or rare phrase that never appears during evaluation. Remember: Sleeper attacks are time-bombs – they wait until the attacker chooses to strike.

Why: Research shows poisoning attacks can achieve over 92% success rates with less than 0.1% of training data contaminated. Context: This demonstrates how little poisoned data is needed to compromise an entire model – even a tiny fraction affects every future interaction. Remember: Less than 0.1% contamination can achieve 92% success – small poison, big damage.

Why: Security researchers discovered approximately 100 machine learning models on HuggingFace that contained hidden backdoors or malicious code in 2024. Context: These were actual models available for download worldwide that appeared to function normally on standard benchmarks but contained exploitable triggers. Remember: 100 poisoned models on HuggingFace – this threat is real and happening now.

Why: Training data poisoning is when attackers deliberately inject malicious or manipulated data into AI training sets to corrupt model behavior or create hidden backdoors. Context: Unlike runtime attacks, poisoning happens before deployment and the corruption persists in every prediction the model makes. Remember: Poisoning corrupts at the foundation – before the model even exists.