# poisoning
62 articlestagged with “poisoning”
Conversational Memory Poisoning
Poisoning conversation history stores to alter the agent's understanding of prior interactions.
Memory Retrieval Poisoning
Manipulating memory retrieval mechanisms to surface adversarial context during agent reasoning.
Vector-Based Memory Poisoning
Poisoning vector-based memory stores in agent systems to inject false context into retrieval.
Shared Memory Space Poisoning
Poison memory spaces shared between multiple agents or users in multi-tenant agent deployments.
Function Calling Context Injection
Injecting adversarial content through function call results that influences subsequent model reasoning.
Function Result Poisoning
Poisoning function call results to inject instructions back into the model's reasoning chain.
MCP Schema Poisoning Attacks
Exploiting MCP tool schema definitions to inject malicious parameters and override expected behavior.
MCP Tool Schema Poisoning
Poisoning MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.
A2A Artifact Poisoning
Injecting malicious content into shared artifacts and task results passed between agents in A2A workflows.
Agent Swarm Poisoning
Poisoning agent swarm coordination to manipulate collective decision-making and task allocation.
Vector Database Forensics
Forensic analysis techniques for detecting and investigating vector database poisoning, unauthorized modifications, and data integrity violations.
Skill Verification: Agent Memory Attacks
Practical verification of memory poisoning, context manipulation, and cross-session persistence skills.
Case Study: Production RAG Poisoning Incident
Detailed analysis of a real-world RAG poisoning incident including attack methodology, impact, and remediation.
Codebase Context Poisoning
Poisoning repository files that AI coding assistants use for context to influence code suggestions across the entire development team.
May 2026: RAG Poisoning Challenge
Inject malicious documents into a retrieval-augmented generation system to control responses for specific queries without disrupting normal operation.
Clean-Label Poisoning Attacks
Creating poisoned training samples that maintain correct labels while still influencing model behavior through subtle feature manipulation.
Data Deduplication Attacks
Exploiting and evading data deduplication processes used in training pipeline data cleaning to ensure poisoned samples survive preprocessing.
Data Poisoning Strategies
Comprehensive strategies for poisoning training data to influence model behavior at scale.
Federated Learning Poisoning
Attacking federated learning systems by submitting poisoned gradient updates from compromised participants while evading Byzantine-robust aggregation.
Gradient-Based Data Poisoning
Using gradient information to craft maximally effective poisoned samples that achieve attacker objectives with minimal data modification.
Knowledge Base Poisoning
Techniques for injecting adversarial documents into RAG knowledge bases: ingestion path analysis, embedding space attacks, SEO-style ranking manipulation, staged poisoning, and effectiveness measurement.
Practical Synthetic Data Poisoning
Poisoning synthetic data generation pipelines used for model training augmentation.
Web Crawl Poisoning at Scale
Strategic placement of adversarial content on the internet to influence web-crawled training datasets used by large language models.
Web-Scale Data Poisoning
Techniques for poisoning web-scale training data through targeted content manipulation.
Embedding Poisoning Techniques
Techniques for poisoning embedding spaces to manipulate retrieval and similarity search.
RAG Retrieval Poisoning
Poisoning document collections to manipulate what gets retrieved by RAG systems, enabling indirect prompt injection at scale.
Adapter Poisoning Attacks
Poisoning publicly shared adapters and LoRA weights to compromise downstream users.
Safety Dataset Poisoning
Attacking the safety training pipeline by poisoning safety evaluation datasets and safety-oriented fine-tuning data to undermine safety training.
Adversarial ML: Core Concepts
History and fundamentals of adversarial machine learning — perturbation attacks, evasion vs poisoning, robustness — bridging classical adversarial ML to LLM-specific attacks.
Code Suggestion Poisoning (Frontier Research)
Poisoning training data and package ecosystems to influence AI code suggestions: insecure pattern seeding, package name confusion, trojan code injection, and supply chain risks.
Federated Learning Model Poisoning
Poisoning federated learning aggregation through malicious gradient updates and byzantine attack vectors.
Synthetic Data Poisoning in Training Pipelines
Research on poisoning synthetic data generation pipelines used for model training and fine-tuning.
Poisoning Model Registries
Advanced techniques for attacking model registries like MLflow, Weights & Biases, and Hugging Face Hub, including model replacement attacks, metadata manipulation, artifact poisoning, and supply chain compromise through registry infrastructure.
Lab: Training Curriculum Poisoning
Exploit training data ordering and curriculum learning to amplify the impact of small numbers of poisoned examples.
Lab: Federated Learning Poisoning Attacks
Execute model poisoning attacks in a federated learning simulation by manipulating local model updates.
Lab: Federated Learning Poisoning Attack
Hands-on lab for understanding and simulating poisoning attacks against federated learning systems, where a malicious participant corrupts the shared model through crafted gradient updates.
Gradient-Guided Data Poisoning
Use gradient information from open-source models to craft optimally poisoned training examples.
Advanced RAG Poisoning Techniques
Execute sophisticated RAG poisoning including gradient-guided document crafting.
CTF: Supply Chain Attack
Find and exploit vulnerabilities in an ML supply chain including compromised dependencies, poisoned models, backdoored training data, and malicious model files. Practice ML-specific supply chain security assessment.
Lab: ML Pipeline Poisoning
Compromise an end-to-end machine learning pipeline by attacking data ingestion, preprocessing, training, evaluation, and deployment stages. Learn to identify and exploit weaknesses across the full ML lifecycle.
Federated Learning Poisoning Attack
Execute model poisoning attacks in a federated learning setting through adversarial participant manipulation.
Lab: Advanced RAG Poisoning
Hands-on lab for crafting documents that reliably get retrieved and influence RAG responses for specific target queries.
Context Window Poisoning Lab
Exploit context window management to inject persistent adversarial content that influences future model responses.
Lab: Agent Memory Poisoning
Hands-on lab exploring how conversational memory in AI agents can be poisoned to alter future behavior, inject persistent instructions, and exfiltrate data across sessions.
RAG Context Poisoning
Poison a vector database to inject adversarial content into RAG retrieval results.
Lab: RAG Pipeline Poisoning
Hands-on lab for setting up a RAG pipeline with LlamaIndex, injecting malicious documents, testing retrieval poisoning, and measuring injection success rates.
Semantic Search Poisoning
Craft adversarial documents that rank highly in semantic search for targeted queries in RAG systems.
Simulation: RAG Pipeline Poisoning
Red team engagement simulation targeting a RAG-based knowledge management system, covering embedding injection, document poisoning, retrieval manipulation, and knowledge base exfiltration.
Model Telemetry Poisoning
Manipulating model telemetry and observability data to hide attacks, create false positives, or undermine monitoring effectiveness.
Multimodal RAG Poisoning
Poisoning multimodal RAG systems through adversarial documents with embedded visual and textual payloads.
RAG Retrieval Poisoning (Rag Data Attacks)
Techniques for poisoning RAG knowledge bases to inject malicious content into LLM context, including embedding manipulation, document crafting, and retrieval hijacking.
Gradient-Based Data Poisoning (Training Pipeline)
Using gradient information to craft optimally adversarial training examples for targeted model manipulation.
Preference Data Poisoning (Training Pipeline)
Poisoning preference data used in RLHF and DPO to shift model alignment toward attacker objectives.
Synthetic Data Poisoning Vectors
Attack vectors specific to synthetic data generation pipelines used in model training and augmentation.
Tokenizer Poisoning Attacks
Attacking tokenizer training and vocabulary to create adversarial token patterns that bypass safety measures.
Training Data Curation Attacks
Attacking the data curation pipeline to inject adversarial examples into training datasets at scale.
LLM Cache Poisoning Walkthrough
Poison LLM response caches to serve adversarial content to other users without direct injection.
Few-Shot Example Poisoning Walkthrough
Poison few-shot examples in prompts to establish behavioral patterns that override system instructions.
Function Schema Poisoning Walkthrough
Poison function schemas to inject hidden instructions that redirect model tool selection and parameter filling.
RAG Poisoning End-to-End Walkthrough
Complete walkthrough of poisoning a RAG system from document injection through information extraction.
Model Supply Chain Poisoning
Walkthrough of poisoning ML supply chains through dependency confusion, model weight manipulation, and hub attacks.
RAG Hybrid Search Poisoning Walkthrough
Walkthrough of poisoning both vector and keyword search in hybrid RAG architectures for maximum retrieval influence.