Data Poisoning

Data poisoning is an attack in which an adversary inserts, modifies, or mislabels training or input data to corrupt the behavior, outputs, or security properties of a Machine Learning (ML) or Artificial Intelligence (AI) system.

Expanded Explanation

1. Technical Function and Core Characteristics

Data poisoning targets the data pipeline of ML systems, typically during training but also in online or continual learning. Adversaries alter data points, labels, or feature distributions so that learned models exhibit degraded accuracy, misclassifications, or specific attacker-chosen behaviors.

Common categories include availability attacks that reduce overall model performance, integrity attacks that cause targeted errors on specific inputs, and backdoor or trojan attacks that embed hidden triggers. Data poisoning relies on manipulating statistical properties of datasets while often remaining within plausible data ranges to evade detection.

2. Enterprise Usage and Architectural Context

In enterprises, data poisoning risk appears wherever models rely on data from external, crowdsourced, or weakly governed sources, such as user-generated content, telemetry, or third-party datasets. It affects supervised, unsupervised, and reinforcement learning, including deep learning models in production pipelines.

Architecturally, data poisoning intersects with data ingestion, labeling workflows, model training platforms, and Machine Learning Operations (MLOps) or LLMOps practices. Defenses include dataset provenance controls, access management, robust model training methods, anomaly detection on data distributions, and validation or retraining governance in Continuous Integration and Continuous Deployment (CI/CD) pipelines for models.
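The paragraph above names three defensive controls: dataset provenance, anomaly detection on data distributions, and data sanitization. The following is an added example (not code from the page or any vendor) that implements a minimal version of each against a constructed two-class dataset: a SHA-256 digest of the canonical dataset recorded at approval time and re-verified before training, a k-nearest-neighbour label-agreement score that flags records whose label disagrees with their neighbourhood (the classic sanitization heuristic for label-flip style integrity attacks), and a per-feature mean-shift check between a trusted baseline and an incoming batch. The helper that flips labels exists only to exercise the detectors in a test; all function names, thresholds and the synthetic data are assumptions of this example.

```python
"""Added example: three defender-side checks against data poisoning on a
constructed dataset. Not the page's own code; names and thresholds are assumed."""
import hashlib
import json
import math
import random
from typing import List, Sequence, Tuple

Record = Tuple[List[float], int]  # (feature vector, label)


def make_clean_dataset(n_per_class: int = 60, seed: int = 7) -> List[Record]:
    """Constructed data: class 0 clustered around (0,0), class 1 around (4,4)."""
    rng = random.Random(seed)
    data: List[Record] = []
    for label, centre in ((0, 0.0), (1, 4.0)):
        for _ in range(n_per_class):
            data.append(([rng.gauss(centre, 0.6), rng.gauss(centre, 0.6)], label))
    return data


def inject_label_flips(data: Sequence[Record], indices: Sequence[int]) -> List[Record]:
    """Test helper only: simulate a label-flip integrity attack on chosen rows
    so the detectors below have something to find."""
    poisoned = [(list(x), y) for x, y in data]
    for i in indices:
        x, y = poisoned[i]
        poisoned[i] = (x, 1 - y)
    return poisoned


# --- Provenance control: content digest over the canonical serialization ----
def dataset_digest(data: Sequence[Record]) -> str:
    canonical = json.dumps([[x, y] for x, y in data], separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def verify_manifest(data: Sequence[Record], expected_digest: str) -> bool:
    """True only if the dataset still matches the digest approved for training."""
    return dataset_digest(data) == expected_digest


# --- Sanitization heuristic: k-NN label agreement ---------------------------
def knn_label_agreement(data: Sequence[Record], k: int = 7) -> List[float]:
    """Fraction of each record's k nearest neighbours that share its label."""
    scores = []
    for i, (xi, yi) in enumerate(data):
        nearest = sorted(
            (math.dist(xi, xj), yj) for j, (xj, yj) in enumerate(data) if j != i
        )[:k]
        scores.append(sum(1 for _, yj in nearest if yj == yi) / k)
    return scores


def suspicious_indices(data: Sequence[Record], k: int = 7,
                       threshold: float = 0.5) -> List[int]:
    """Records whose label disagrees with most of their neighbourhood."""
    return [i for i, s in enumerate(knn_label_agreement(data, k)) if s < threshold]


# --- Distribution check: per-feature mean shift in baseline std-dev units ---
def feature_drift(baseline: Sequence[Record], batch: Sequence[Record]) -> List[float]:
    n_feat = len(baseline[0][0])
    drift = []
    for f in range(n_feat):
        base = [x[f] for x, _ in baseline]
        new = [x[f] for x, _ in batch]
        mu = sum(base) / len(base)
        sd = math.sqrt(sum((v - mu) ** 2 for v in base) / (len(base) - 1)) or 1e-9
        drift.append(abs(sum(new) / len(new) - mu) / sd)
    return drift


if __name__ == "__main__":
    clean = make_clean_dataset()
    approved = dataset_digest(clean)
    tampered = inject_label_flips(clean, [0, 1, 2])
    print("manifest ok (clean):   ", verify_manifest(clean, approved))
    print("manifest ok (tampered):", verify_manifest(tampered, approved))
    print("suspicious rows:       ", suspicious_indices(tampered))
    shifted = [([x[0] + 3.0, x[1]], y) for x, y in clean]
    print("drift per feature:     ", feature_drift(clean, shifted))
```

The digest check is the cheapest control and catches any modification after approval, but only for data that was approved as a whole; the neighbourhood score and the drift check are the ones that apply to crowdsourced or continuously ingested data where no trusted copy exists, and both produce candidates for review rather than verdicts, since legitimate boundary cases and real concept drift also score highly.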

3. Related or Adjacent Technologies

Data poisoning relates closely to adversarial ML, which encompasses attacks on training data, model parameters, and inference-time inputs. It also relates to data integrity controls in information security and to secure software supply chain practices applied to data and models.

Defensive research covers robust learning algorithms, certified defenses, Differential Privacy (DP), data sanitization, and model auditing. Standards and guidance from organizations such as NIST and ENISA address data poisoning within broader AI security, resilience, and trustworthiness frameworks.

4. Business and Operational Significance

For enterprises, data poisoning can lead to incorrect predictions, policy violations, fraud enablement, and safety or compliance failures in domains such as finance, healthcare, cybersecurity, recommendation, and industrial control. Compromised models can produce outputs that undermine existing risk controls and regulatory obligations.

Data poisoning influences how organizations design AI governance, security architectures, and vendor due diligence. It requires coordinated controls across data management, identity and access management, monitoring, incident response, and Model Lifecycle Management (MLM) to maintain reliable AI-based services.