# data-poisoning

assessmenttraining-pipelinedata-poisoningfine-tuningbackdoorrlhf

Training Pipeline Security Assessment

Test your advanced knowledge of training pipeline attacks including data poisoning, fine-tuning hijacking, RLHF manipulation, and backdoor implantation with 9 questions.

capstonetraining-pipelinedata-poisoningbackdooradvanced

Capstone: Training Pipeline Attack & Defense

Attack a model training pipeline through data poisoning and backdoor insertion, then build defenses to detect and prevent these attacks.

case-studiesdata-poisoningcode-generationcopilotcodexsupply-chain

Case Study: Training Data Poisoning in Code Generation Models

Analysis of training data poisoning attacks targeting code generation models like GitHub Copilot and OpenAI Codex, where adversarial code patterns in training data cause models to suggest vulnerable or malicious code.

data-securityragtraining-attacksmodel-extractionprivacydata-poisoning

Data & Training Security

Security vulnerabilities in the AI data pipeline, covering RAG exploitation, training data attacks, model extraction and intellectual property theft, and privacy attacks against deployed models.

clean-labeldata-poisoninggradient-basedfeature-collisionbackdoor

Clean-Label Data Poisoning

Deep dive into clean-label poisoning attacks that corrupt model behavior without modifying labels, including gradient-based methods, feature collision, and witches' brew attacks.

data-poisoningtrainingclean-labelfeature-collisionbilevel-optimizationdetection-evasion

Data Poisoning Methods

Practical methodology for poisoning training datasets at scale, including crowdsource manipulation, web-scale dataset attacks, label flipping, feature collision, bilevel optimization for poison selection, and detection evasion techniques.

trainingfine-tuningdata-poisoningbackdoortrojanlorasleeper-agentmodel-merging

Training & Fine-Tuning Attacks

Methodology for data poisoning, trojan/backdoor insertion, clean-label attacks, LoRA backdoors, sleeper agent techniques, and model merging attacks targeting the LLM training pipeline.

synthetic-datadata-poisoninggenerationcontaminationpipeline-attacks

Synthetic Data Poisoning

Attacking synthetic data generation pipelines to produce poisoned training sets, including generator manipulation, prompt poisoning, and contamination amplification.

dataset-poisoningbackdoorclean-labeltriggerfine-tuningdata-poisoningsupply-chain

Poisoning Fine-Tuning Datasets

Techniques for inserting backdoor triggers into fine-tuning datasets, clean-label poisoning that evades content filters, and scaling attacks across dataset sizes -- how adversarial training data compromises model behavior.

preference-poisoningrlhfdpodata-poisoninghuman-feedbacklabeler-attackalignment

Preference Data Poisoning

How adversaries manipulate human preference data used in RLHF and DPO training -- compromising labelers, generating synthetic poisoned preferences, and attacking the preference data supply chain.

supply-chainowasprisk-assessmentmodel-poisoningdata-poisoningdependenciesdefense

AI Supply Chain Security Overview

Comprehensive overview of the AI/ML supply chain attack surface, covering model poisoning, data poisoning, dependency attacks, and risk assessment frameworks aligned with OWASP LLM03:2025.

feature-storedata-poisoningfeasttectonml-infrastructure

Manipulating Feature Stores

Advanced techniques for attacking feature stores used in ML systems, including feature poisoning, schema manipulation, serving layer exploitation, and integrity attacks against platforms like Feast, Tecton, and Databricks Feature Store.

supply-chaindata-poisoningowasp-llm04validationprovenanceanomaly-detectiondefense

Training Data Integrity

Defense-focused guide to ensuring training data has not been poisoned, covering label flipping, backdoor insertion, clean-label attacks, data validation pipelines, provenance tracking, and anomaly detection.

ctfraginfiltrationdata-poisoning

CTF: RAG Infiltrator

Poison a RAG system to return attacker-controlled content for specific queries. Score based on precision of targeting and stealth of the injected documents.

feature-poisoningdata-poisoningfeature-storetime-travelonline-offline-skewtargeted-attacks

Feature Poisoning Attacks

Techniques for poisoning feature store data to manipulate model behavior: direct feature value manipulation, time-travel attacks, online/offline store consistency exploitation, and targeted entity-level feature poisoning.

prompt-injectionindirect-injectionragdata-poisoningsupply-chain

Indirect Prompt Injection

How attackers embed malicious instructions in external data sources that LLMs process, enabling attacks without direct access to the model's input.

ragdata-poisoningtraining-datadata-extractionai-security

RAG, Data & Training Attacks

Overview of attacks targeting the data layer of AI systems, including RAG poisoning, training data manipulation, and data extraction techniques.

training-datadata-poisoningbackdoorsfine-tuningalignment

Training Data Manipulation

Attacks that corrupt model behavior by poisoning training data, fine-tuning datasets, or RLHF preference data, including backdoor installation and safety alignment removal.

training-pipelinedata-poisoningscaleattacks

Data Poisoning at Scale

Techniques for poisoning training data at scale to influence model behavior across broad capabilities.

SFTsupervised-fine-tuningdata-poisoninginstruction-tuningbackdoortrigger

SFT Data Poisoning & Injection

Poisoning supervised fine-tuning datasets through instruction-response pair manipulation, backdoor triggers in SFT data, and determining minimum poisoned example thresholds.

trainingpre-trainingfine-tuningarchitecturedata-poisoningrlhfalignment

Training Pipeline Security

Security of the full AI model training pipeline, covering pre-training attacks, fine-tuning and alignment manipulation, architecture-level vulnerabilities, and advanced training-time threats.

training-pipelinesynthetic-datadata-poisoningsupply-chain

Poisoning Attacks on Synthetic Training Data

Comprehensive analysis of poisoning vectors in synthetic data generation pipelines, from teacher model manipulation to post-generation filtering evasion.

assessmentdata-poisoningtraining

Data 投毒評量

Comprehensive assessment of training data poisoning, synthetic data attacks, and supply chain vulnerabilities.

assessmenttraining-pipelinedata-poisoningrlhfevaluation

章節評量：訓練管線

15 題校準評量，測試你對訓練管線安全的理解——資料投毒、RLHF 操控與架構層級攻擊。

data-poisoningbackdoorpretraininganthropicmodel-securitysupply-chain2026-research

只需 250 份投毒文件：Anthropic 的資料投毒突破

Anthropic、英國 AI 安全研究所與 Turing 研究所證實，只要在預訓練資料中注入 250 份惡意文件，就能對 6 億到 130 億參數的大型語言模型植入後門。本文剖析這對模型安全的意涵。

微調安全研究的教訓

來自微調安全研究的關鍵教訓——涵蓋對齊侵蝕、後門植入、資料投毒、安全評估落差，以及微調管線的防禦策略。

fine-tuningalignmentbackdoorsdata-poisoningsafetyresearch

Capstone: 訓練 Pipeline 攻擊 & 防禦

攻擊 a model training pipeline through data poisoning and backdoor insertion, then build defenses to detect and prevent these attacks.

capstonetraining-pipelinedata-poisoningbackdooradvanced

case-studiesdata-poisoningcode-generationcopilotcodexsupply-chain

Case Study: 訓練 Data 投毒 in Code Generation 模型s

data-securityragtraining-attacksmodel-extractionprivacydata-poisoning

資料與訓練安全

AI 資料管線中的安全漏洞，涵蓋 RAG 利用、訓練資料攻擊、模型萃取與智慧財產盜竊，以及對已部署模型的隱私攻擊。

clean-labeldata-poisoninggradient-basedfeature-collisionbackdoor

Clean-實驗室el Data 投毒

Deep dive into clean-label poisoning attacks that corrupt model behavior without modifying labels, including gradient-based methods, feature collision, and witches' brew attacks.

data-poisoningtrainingclean-labelfeature-collisionbilevel-optimizationdetection-evasion

Data 投毒 Methods

trainingfine-tuningdata-poisoningbackdoortrojanlorasleeper-agentmodel-merging

訓練 & Fine-Tuning 攻擊s

Methodology for data poisoning, trojan/backdoor insertion, clean-label attacks, LoRA backdoors, sleeper agent techniques, and model merging attacks targeting the LLM training pipeline.

synthetic-datadata-poisoninggenerationcontaminationpipeline-attacks

Synthetic Data 投毒

攻擊ing synthetic data generation pipelines to produce poisoned training sets, including generator manipulation, prompt poisoning, and contamination amplification.

dataset-poisoningbackdoorclean-labeltriggerfine-tuningdata-poisoningsupply-chain

投毒 Fine-Tuning Datasets

preference-poisoningrlhfdpodata-poisoninghuman-feedbacklabeler-attackalignment

Preference Data 投毒

How adversaries manipulate human preference data used in RLHF and DPO training -- compromising labelers, generating synthetic poisoned preferences, and attacking the preference data supply chain.

supply-chainowasprisk-assessmentmodel-poisoningdata-poisoningdependenciesdefense

AI Supply Chain 安全概覽

Comprehensive overview of the AI/ML supply chain attack surface, covering model poisoning, data poisoning, dependency attacks, and risk assessment frameworks aligned with OWASP LLM03:2025.

feature-storedata-poisoningfeasttectonml-infrastructure

Manipulating Feature Stores

進階 techniques for attacking feature stores used in ML systems, including feature poisoning, schema manipulation, serving layer exploitation, and integrity attacks against platforms like Feast, Tecton, and Databricks Feature Store.

supply-chaindata-poisoningowasp-llm04validationprovenanceanomaly-detectiondefense

訓練 Data Integrity

防禦-focused guide to ensuring training data has not been poisoned, covering label flipping, backdoor insertion, clean-label attacks, data validation pipelines, provenance tracking, and anomaly detection.

ctfraginfiltrationdata-poisoning

CTF: RAG Infiltrator

Poison a RAG system to return attacker-controlled content for specific queries. Score based on precision of targeting and stealth of the injected documents.

feature-poisoningdata-poisoningfeature-storetime-travelonline-offline-skewtargeted-attacks

Feature 投毒攻擊s

prompt-injectionindirect-injectionragdata-poisoningsupply-chain

間接提示詞注入

攻擊者如何在大型語言模型處理的外部資料來源中嵌入惡意指令，無需直接存取模型輸入即可發動攻擊。

ragdata-poisoningtraining-datadata-extractionai-security

RAG、資料與訓練攻擊

針對 AI 系統資料層攻擊的概覽，包含 RAG 投毒、訓練資料操控與資料萃取技術。

training-datadata-poisoningbackdoorsrlhffine-tuning

訓練資料攻擊

操控用於訓練或微調模型之資料的攻擊——涵蓋資料投毒、後門植入、RLHF 操控與微調利用。

training-pipelinedata-poisoningscaleattacks

Data 投毒 at Scale

Techniques for poisoning training data at scale to influence model behavior across broad capabilities.

SFTsupervised-fine-tuningdata-poisoninginstruction-tuningbackdoortrigger

SFT Data 投毒 & Injection

投毒 supervised fine-tuning datasets through instruction-response pair manipulation, backdoor triggers in SFT data, and determining minimum poisoned example thresholds.

trainingpre-trainingfine-tuningarchitecturedata-poisoningrlhfalignment

訓練管線安全

完整 AI 模型訓練管線的安全，涵蓋預訓練攻擊、微調與對齊操控、架構層級漏洞與進階訓練期威脅。

training-pipelinesynthetic-datadata-poisoningsupply-chain

投毒攻擊s on Synthetic 訓練 Data

Comprehensive analysis of poisoning vectors in synthetic data generation pipelines, from teacher model manipulation to post-generation filtering evasion.