Data Poisoning
Data poisoning is a type of attack where an adversary deliberately corrupts the data used to train an AI model, causing the model to learn incorrect patterns or behave in unintended ways.
What this means in practice
Unlike adversarial attacks that target a deployed model's inputs, data poisoning targets the training process itself, potentially affecting every prediction the model makes. Data poisoning can be difficult to detect because the corrupted data may look normal, and the model may still perform well on standard test sets while the poisoned behaviour stays hidden. Defenses include training data validation, anomaly detection in data pipelines, data provenance tracking, and multi-source data verification.
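An added example (not COMPEL's own code or tooling) of two of the defenses named above, data provenance tracking and multi-source verification, applied to a constructed three-supplier training set: each shard's SHA-256 is recorded at ingest and re-checked before training, and each source's label mix is compared against the other sources pooled, so a single feed whose labels were flipped stands out. The supplier names, records and the 0.3 threshold are all assumptions chosen for the illustration.

```python
import hashlib
import json
from collections import Counter
# Constructed sample: three suppliers each deliver a shard of (text, label)
# records for a spam filter; vendor_c's spam labels have been flipped to "ham".
SHARDS = {
    "vendor_a": [("invoice attached", "spam"), ("meeting at 3", "ham"),
                 ("win a prize", "spam"), ("lunch today?", "ham")],
    "vendor_b": [("claim your reward", "spam"), ("see you friday", "ham"),
                 ("free crypto", "spam"), ("notes from standup", "ham")],
    "vendor_c": [("urgent wire transfer", "ham"), ("project update", "ham"),
                 ("you have won", "ham"), ("reset your password now", "ham")],
}

def shard_digest(records):
    """Canonical SHA-256 of a shard, the value a provider would publish in its manifest."""
    canonical = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def build_manifest(shards):
    """Record each shard's digest at the moment the data is accepted from its source."""
    return {name: shard_digest(recs) for name, recs in shards.items()}

def verify_provenance(shards, manifest):
    """Names of shards absent from the manifest or whose content changed since ingest."""
    return sorted(name for name, recs in shards.items()
                  if manifest.get(name) != shard_digest(recs))

def label_distribution(records):
    counts = Counter(label for _, label in records)
    total = sum(counts.values())
    return {label: n / total for label, n in counts.items()}

def total_variation(p, q):
    # Total variation distance between two label distributions (0 = identical, 1 = disjoint).
    return 0.5 * sum(abs(p.get(lab, 0.0) - q.get(lab, 0.0)) for lab in set(p) | set(q))

def flag_outlier_sources(shards, threshold=0.3):
    """Leave-one-out check: flag any source whose label mix diverges from the others pooled."""
    flagged = []
    for name, recs in shards.items():
        others = [r for other, rs in shards.items() if other != name for r in rs]
        if total_variation(label_distribution(recs), label_distribution(others)) > threshold:
            flagged.append(name)
    return sorted(flagged)
if __name__ == "__main__":
    manifest = build_manifest(SHARDS)
    tampered = {n: list(r) for n, r in SHARDS.items()}
    tampered["vendor_b"][0] = ("claim your reward", "ham")  # one record altered after ingest
    print("provenance mismatch:", verify_provenance(tampered, manifest))  # ['vendor_b']
    print("label-mix outliers:", flag_outlier_sources(SHARDS))            # ['vendor_c']
```

The provenance check catches records changed after ingest; the leave-one-out comparison catches a feed that was poisoned before it ever reached the pipeline, which a manifest alone cannot see.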
Why it matters
Data poisoning attacks target the most fundamental vulnerability of AI systems: their dependence on training data. Unlike attacks on deployed models, poisoning corrupts the learning process itself, potentially affecting every prediction the model makes. The difficulty of detection makes this especially dangerous for organizations deploying AI in high-stakes domains like healthcare, finance, and critical infrastructure.
How COMPEL uses it
In the COMPEL risk taxonomy, data poisoning is classified as a data risk within Domain 13 (AI Security) with potentially severe consequences for high-risk AI applications. During Calibrate, organizations assess their defenses against data poisoning. The Model stage designs controls including training data validation and multi-source verification. The Evaluate stage tests for poisoning indicators as part of security assessments.