Risks from data (Risks of improper content and poisoning in training data)

Record summary

A quick snapshot of what this page covers.

Techniques: 8. Attack methods connected to this risk.

Mitigations: 11. Defenses that may help with related attacks.

Domain: 1. Discrimination & Toxicity. The broad risk area this belongs to.

Risk profile

How this risk is described and categorized.

"If the training data includes illegal or harmful information, such as false, biased, or IPR-infringing content, or lacks diversity in its sources, the output may include harmful content like illegal, malicious, or extreme information. Training data is also at risk of being poisoned through tampering, error injection, or misleading actions by attackers. This can interfere with the model's probability distribution, reducing its accuracy and reliability."

Domain: 1. Discrimination & Toxicity

Subdomain: 1.2 > Exposure to toxic content

Entity: 1 - Human

Intent: 3 - Other

Timing: 1 - Pre-deployment

Category: AI's inherent safety risks

Subcategory: Risks from data (Risks of improper content and poisoning in training data)
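
The risk description above says that poisoned training data can interfere with a model's probability distribution. The following is a minimal sketch of that effect, not a method taken from the source: it uses a toy counting estimator of P(label | token), and the dataset, the labels, and the `label_distribution` helper are all hypothetical names introduced for illustration.

```python
from collections import Counter


def label_distribution(dataset, token):
    """Estimate P(label | token) from (text, label) pairs by simple counting."""
    counts = Counter(label for text, label in dataset if token in text.split())
    total = sum(counts.values())
    return {label: n / total for label, n in counts.items()} if total else {}


# Hypothetical clean training set: "refund" mostly appears in benign messages.
clean = [
    ("please process my refund", "benign"),
    ("refund arrived thanks", "benign"),
    ("refund status update", "benign"),
    ("click here for free refund prize", "spam"),
]

# Hypothetical poisoned records (error injection by an attacker):
# benign-looking "refund" texts deliberately labeled as spam.
poison = [("refund request for order", "spam")] * 4

before = label_distribution(clean, "refund")
after = label_distribution(clean + poison, "refund")

print("before:", before)
print("after: ", after)
```

In this toy setting, four injected records are enough to move the estimated P(benign | "refund") from 0.75 to 0.375, so the most likely label for that token flips to spam. Real models are far more complex, but the same mechanism (attacker-controlled records shifting learned statistics) is what the description refers to.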

Related techniques

Attack methods connected to this risk.

AML.T0099 - AI Agent Tool Data Poisoning
feasible
Method: text_similarity_sqlite
Confidence: 62%

AML.T0070 - RAG Poisoning
demonstrated
Method: text_similarity_sqlite
Confidence: 62%

AML.T0084.002 - Activation Triggers
demonstrated
Method: text_similarity_sqlite
Confidence: 57%

AML.T0081 - Modify AI Agent Configuration
demonstrated
Method: text_similarity_sqlite
Confidence: 56%

AML.T0086 - Exfiltration via AI Agent Tool Invocation
realized
Method: text_similarity_sqlite
Confidence: 55%

AML.T0037 - Data from Local System
realized
Method: text_similarity_sqlite
Confidence: 53%

AML.T0051.001 - Indirect
demonstrated
Method: text_similarity_sqlite
Confidence: 52%

AML.T0018 - Manipulate AI Model
realized
Method: text_similarity_sqlite
Confidence: 52%

Suggested mitigations

Defenses that may help with related attacks.

AI Telemetry Logging
Lifecycle: Deployment, Monitoring and Maintenance
Category: Technical - Cyber

Privileged AI Agent Permissions Configuration
Lifecycle: Deployment
Category: Technical - Cyber

Single-User AI Agent Permissions Configuration
Lifecycle: Deployment
Category: Technical - Cyber

AI Agent Tools Permissions Configuration
Lifecycle: Deployment
Category: Technical - Cyber

Human In-the-Loop for AI Agent Actions
Lifecycle: Deployment
Category: Technical - ML

Restrict AI Agent Tool Invocation on Untrusted Data
Lifecycle: Deployment
Category: Technical - ML

Segmentation of AI Agent Components
Lifecycle: Deployment, Business and Data Understanding
Category: Technical - Cyber

Input and Output Validation for AI Agent Components
Lifecycle: Business and Data Understanding, Data Preparation, +1 more
Category: Technical - ML

Control Access to AI Models and Data at Rest
Lifecycle: Business and Data Understanding, Data Preparation, +2 more
Category: Policy

Validate AI Model
Lifecycle: ML Model Evaluation, Monitoring and Maintenance
Category: Technical - ML

Code Signing
Lifecycle: Deployment
Category: Technical - Cyber

Source

Research source for this risk, when available.

Included resource

AI Safety Governance Framework

Authors: National Technical Committee 260 on Cybersecurity (TC260)

Year: 2024

Type: Report

URL: https://www.tc260.org.cn/upload/2024-09-09/1725849192841090989.pdf

Original source

MIT AI Risk Repository

Open the public repository used for AI risk records and taxonomy fields.

Repository: https://airisk.mit.edu/