PART 3Scenarios
Slides 14–17 · OWASP's 5 official scenarios
Slide 14 · Scenarios 1 & 2
OWASP's own example scenarios — retold concretely.
Five scenarios, grouped. First two: manipulation, and toxic data.
SCENARIO #1
Biased outputs via manipulation
An attacker manipulates training data — or uses prompt injection that feeds back into training — to bias the model toward misinformation.
Why it matters: the output still looks like a normal, confident answer. Bias is the hardest poison to spot, because nothing obviously “breaks.”
SCENARIO #2
Toxic data, toxic outputs
Unfiltered harmful content in the training set leads the model to produce dangerous or biased information to its users.
Why it matters: this is Microsoft Tay in the wild — what goes into training comes back out, amplified.