PART 2 · Types
Slides 9–13 · 4 patterns, each a real case
Slide 9 · Part 2 Overview
Four ways poison gets in — each one really happened.
OWASP describes the mechanisms. Here they are, each tied to a documented case.
📦Supply-Chain Model Poisoning
A tampered model is published to a public hub and downloaded by trusting developers. → PoisonGPT
🚪Backdoor / Trigger Poisoning
A hidden trigger is planted during training; the model becomes a sleeper agent. → Anthropic's 250-document study
🌐Web-Scale Dataset Poisoning
Public training corpora are contaminated at the source, cheaply. → Carlini et al.
🔁Feedback-Loop Poisoning
A system that learns from user input is flooded with toxic data. → Microsoft Tay
One note on sourcing: unlike LLM01, this risk has no single headline CVE. Poisoning shows up as research demonstrations and disclosed incidents, not catalogued CVE records — so we anchor to those instead. That's the honest shape of this risk.