惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
小众软件
小众软件
J
Java Code Geeks
V
Visual Studio Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
V
V2EX
博客园 - 叶小钗
N
Netflix TechBlog - Medium
月光博客
月光博客
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
T
Threatpost
I
Intezer
T
Tenable Blog
L
LINUX DO - 热门话题
T
Tailwind CSS Blog
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
Engineering at Meta
Engineering at Meta
S
Schneier on Security
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
量子位
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - Franky
www.infosecurity-magazine.com
www.infosecurity-magazine.com

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Why Model Poisoning Requires A New Approach To AI Security
Kumar Mehta, · 2026-05-12 · via Forbes - Innovation

Kumar Mehta, Founder and Chief Development Officer, Versa.

getty

As enterprises rapidly embed large language models (LLMs) into products, workflows and customer-facing systems, a new category of risk is emerging.​

Attackers are now trying to corrupt enterprise models, degrade their behavior and influence dangerous or misleading outputs. This is called model poisoning.

​Traditional attacks try to break into systems. Model poisoning changes how systems behave after they are trusted. A compromised model does not trigger the same alarms as a breach. It continues operating normally while introducing risk into decisions and customer interactions.​

The understanding of the risk has evolved over the last few years, starting with researchers at Mithril Security demonstrating “PoisonGPT” in 2023, a surgically modified open-source model that passed standard benchmarks while spreading targeted disinformation.

Then, in early 2024, researchers at JFrog identified roughly 100 models on Hugging Face carrying malicious code capable of executing arbitrary commands.

Anthropic’s “Sleeper Agents” research similarly showed that backdoors trained into a model can survive the safety-tuning procedures.​

These are early warning signs of what could happen when models enter the enterprise through a supply chain the enterprise does not fully control.​

The Attack That Alters Behavior, Not Access

Many security programs focus on who can access a model endpoint, but that is only part of the problem when it comes to model poisoning attacks.​

If the model’s behavior can be manipulated—through poisoned training data, compromised fine-tunes, tampered embeddings or malicious “updates” in the model supply chain—then correct access control still yields incorrect outcomes.​

​A poisoned model can pass benchmarks, behave normally and degrade only under specific triggers. From the outside, it appears intact. Model poisoning behaves less like a break-in and more like a Trojan Horse embedded in the supply chain. You did not lose the keys. You lost the ability to trust what the locks are protecting.​

​In this case, correct access to a compromised model still produces incorrect outcomes. For enterprises deploying AI into customer-facing decisions, two assurances are needed:

1. The interaction is safe at runtime.

2. The model remains trustworthy over time.

​The impact extends beyond data exposure to revenue, compliance and brand trust.​

Defense In Depth For The AI Era

There is no single control for model poisoning, so mature programs layer defenses across the model lifecycle. A few key strategies include: ​

• Provenance And Vetting At Intake: Treat models like third-party software. Track origin and updates. Use trusted sources. ​

Data Governance At Training: Poisoning often begins in data. Apply production-level controls to training and fine-tuning data.​

Pre-Deployment Evaluation: Benchmarks won’t expose real attacks, so red teaming is required.

Runtime Controls: Insert a semantic inspection layer between applications and models to evaluate prompts, responses and tool use.

Behavioral Observability: A poisoned model often reveals itself only under specific triggers, so anomaly detection at the behavioral level—not just the traffic level—matters. Baselining how models normally respond is still a nascent discipline, as is watching for drift over time, but it is where much of the tooling investment is heading.​

Action-Level Controls: The consequences of a bad output depend on what the system is allowed to do with it. Least-privilege access for AI-initiated actions, human approval for high-impact steps and narrow tool permissions limit how far any single incorrect output can travel.

Governance And Accountability: Define policies for model approval, vendor review and incident response.​

Why Governance Becomes The Control Plane​

Reducing risks like model poisoning or manipulation depends more on operational discipline than on any single technology.

​One effective strategy is centralizing model access through an LLM proxy or model gateway, so that embedding calls, fine-tune jobs and inference traffic flow through a controlled layer.

This can help support unified logging, consistent policy, key rotation and rapid revocation when something looks wrong. It also creates a natural place to monitor prompt traffic for the patterns that tend to precede manipulation.

​External context—retrieved documents, tool outputs, third-party data—also deserves the same scrutiny any other untrusted input receives. Tool outputs can be inspected and redacted before reaching the model, and high-risk requests can be routed through approvals or challenges.​

Finally, model updates and fine-tunes benefit from the same rigor that has become standard for software releases: versioning, staged rollout, automated testing and the ability to roll back quickly. Limiting what the system is allowed to do with approved tools, least-privilege access, write approvals can turn a bad output into a contained event rather than an escalating one.​

What This Means For Boards And Executive Leadership

​The first major AI compromise to reach the front page is unlikely to resemble a traditional cyber breach. Instead, it will appear as an AI system giving dangerously incorrect guidance, leaking confidential information or triggering actions it was never intended to perform.

Even a small amount of injected bad data could have large consequences. For instance, a study by researchers at New York University found that if medical misinformation accounted for only 0.001% of the training data in an LLM, the LLM would be compromised. ​

Organizations that wait until tools and standards fully mature may find themselves responding after a public failure rather than preventing one. A more practical approach is to begin layering controls now. The key questions are:

• How are prompts, responses and model traffic inspected and secured?

• What do we know about where our models came from and how they have been modified?

• What guardrails exist around tool access, parameter use and action approval?

• What policies govern the data that enters and exits the model context?

• How would we detect behavioral drift, and how quickly could we revoke or roll back?

• Critically: Who is accountable when the system fails despite those controls?​​

Model poisoning is not a future problem. It is an early signal of how AI systems can fail at scale. Addressing it now will not only help to avoid risk, but it will also help to build the trust required to deploy AI broadly and confidently.​​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?