dataset-poisoningsneaks bad examples into training data so the model learns the wrong thing.model-poisoningtampers with the model weights to hide a trigger or backdoor.plugin-backdoorships a tool that looks useful but carries hidden malicious behavior.dependency-confusiontricks the build into pulling a fake package instead of the real one.finetune-exploituses a fine-tuning step to quietly strip safety or insert a backdoor.
Attack Strategies
Supply Chain: Attack Strategy
These attacks target the parts that go into building or running an AI: its training data, its model weights, its plugins, and its software dependencies. Th
What it is: These attacks target the parts that go into building or running an AI: its training data, its model weights, its plugins, and its software dependencies. The goal is to plant a problem upstream so it spreads downstream.
How the attacks work: The attacker poisons or backdoors a component before it ever reaches the user. A tainted dataset, a tampered model, or a malicious plugin then quietly corrupts behavior once it is in use.
Real examples from the framework: