✓What data & model poisoning is — in plain English and in OWASP's definition
✓The three stages poison enters: pre-training, fine-tuning, embedding
✓Poisoning vs prompt injection (LLM04 vs LLM01) — the brain vs the question
✓Why a poisoned model can pass every test — the “sleeper agent”
✓PoisonGPT — supply-chain poisoning via a typosquatted Hugging Face upload
✓Anthropic's 250-document study — backdoors don't scale with model size
✓Carlini's web-scale poisoning — split-view and frontrunning for ~$60
✓Microsoft Tay — feedback-loop poisoning in 16 hours
✓All 5 OWASP attack scenarios, including the backdoor trigger
✓All 6 mitigation categories — and which one stops which real attack