y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#model-poisoning News & Analysis

14 articles tagged with #model-poisoning. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

14 articles
AIBearisharXiv – CS AI · Jun 257/10
🧠

Color Matters: Trigger Color Affects Success in Federated Backdoor Attacks

Researchers demonstrate that trigger color significantly affects the success of backdoor attacks in federated learning systems, with white triggers more effective against blonde-class targets and black triggers more effective against black-class targets. This finding reveals a previously underexplored vulnerability in distributed machine learning systems where poisoned updates can evade detection while maintaining benign performance.

AIBearisharXiv – CS AI · Jun 97/10
🧠

Model Poisoning Against Federated Model Adaptation with Chain of Bit-Flips

Researchers demonstrate a novel backdoor attack against Federated Learning systems by exploiting hardware faults (bit-flips) to poison model parameters during training. The attack achieves 94% success rate on ResNet-18 with minimal fault injections, expanding the threat surface of distributed ML systems beyond software-based attacks.

AIBearisharXiv – CS AI · Jun 47/10
🧠

Widening the Gap: Exploiting LLM Quantization via Outlier Injection

Researchers demonstrate the first practical quantization-conditioned attack that reliably compromises large language models across advanced quantization methods including AWQ, GPTQ, and GGUF. The attack exploits how outlier weights cause rounding errors in modern quantization schemes, allowing adversaries to inject hidden malicious behaviors that activate only after quantization, posing significant security risks to the deployment pipeline.

AIBearisharXiv – CS AI · Jun 27/10
🧠

SilentDrift: Exploiting Action Chunking for Stealthy Backdoor Attacks on Vision-Language-Action Models

Researchers have discovered a critical security vulnerability in Vision-Language-Action models used in robotics, demonstrating a stealthy backdoor attack called SILENTDRIFT that exploits action chunking mechanisms. The attack achieves 93.2% success rate while remaining visually undetectable, raising serious concerns about the safety of AI-powered robotic systems in critical applications.

AIBearisharXiv – CS AI · May 297/10
🧠

Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

Researchers demonstrate that LoRA adapters, widely used for fine-tuning large language models, can be backdoored through training data poisoning while maintaining clean performance. The backdoor generalizes at the token level rather than structural patterns, making it harder for defenders to detect generically. Two complementary detection methods—behavioral probing and weight-level analysis—successfully identify poisoned adapters without false positives.

AIBearisharXiv – CS AI · May 287/10
🧠

Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems

Researchers have identified critical vulnerabilities in machine learning-based fault detection systems used in cyber-physical infrastructure, demonstrating that backdoor attacks can compromise these safety-critical systems with poisoning rates as low as 10%. This threat directly impacts smart grids, industrial automation, and other essential infrastructure that increasingly rely on AI models for anomaly detection and system recovery.

AI × CryptoBullisharXiv – CS AI · May 127/10
🤖

Privacy-Preserving Federated Learning: Integrating Zero-Knowledge Proofs in Scalable Distributed Architectures

Researchers present a novel federated learning architecture that integrates Zero-Knowledge Proofs to validate distributed machine learning computations while preserving privacy. The system addresses model poisoning attacks and scalability bottlenecks, achieving 94.2% accuracy retention across 1,000 parallel nodes—bridging cryptographic security with high-performance distributed AI.

AIBullisharXiv – CS AI · May 97/10
🧠

DeTrigger: A Gradient-Centric Approach to Backdoor Attack Mitigation in Federated Learning

DeTrigger is a new federated learning framework that uses gradient analysis to detect and neutralize backdoor attacks in distributed machine learning systems. The approach achieves 251x faster detection than existing methods while mitigating 98.9% of backdoor attacks with minimal accuracy loss, addressing a critical vulnerability in privacy-preserving collaborative AI training.

AIBearisharXiv – CS AI · May 17/10
🧠

Secret Stealing Attacks on Local LLM Fine-Tuning through Supply-Chain Model Code Backdoors

Researchers demonstrate a novel attack that steals sensitive secrets (API keys, personal identifiers, financial records) from locally fine-tuned language models by embedding malicious code in model architectures. The attack achieves over 98% success rate and bypasses current defense mechanisms including differential privacy and code auditing, exposing a critical supply-chain vulnerability in AI model development.

AIBearisharXiv – CS AI · Apr 207/10
🧠

Power to the Clients: Federated Learning in a Dictatorship Setting

Researchers identify a critical vulnerability in federated learning systems where malicious 'dictator clients' can erase other participants' contributions while preserving their own, compromising the collaborative training process. The study provides theoretical and empirical analysis of single and multiple dictator scenarios, revealing fundamental security weaknesses in decentralized machine learning architectures.

AIBearisharXiv – CS AI · Apr 137/10
🧠

BadSkill: Backdoor Attacks on Agent Skills via Model-in-Skill Poisoning

Researchers demonstrate BadSkill, a backdoor attack that exploits AI agent ecosystems by embedding malicious logic in seemingly benign third-party skills. The attack achieves up to 99.5% success rate by poisoning bundled model artifacts to activate hidden payloads when specific trigger conditions are met, revealing a critical supply-chain vulnerability in extensible AI systems.

AIBearisharXiv – CS AI · Apr 137/10
🧠

XFED: Non-Collusive Model Poisoning Attack Against Byzantine-Robust Federated Classifiers

Researchers have developed XFED, a novel model poisoning attack that compromises federated learning systems without requiring attackers to communicate or coordinate with each other. The attack successfully bypasses eight state-of-the-art defenses, revealing fundamental security vulnerabilities in FL deployments that were previously underestimated.

AINeutralarXiv – CS AI · Jun 96/10
🧠

Model Multiplicity for Adversarial Detection in Small Language Model Training on Edge Devices

Researchers propose a novel defense mechanism called model multiplicity to detect poisoning attacks in distributed small language model training on edge devices. Instead of maintaining a single global model, the system trains multiple independent models on different device subsets, using divergence between them to identify adversarial behavior—outperforming traditional single-model defenses.

AIBearisharXiv – CS AI · May 46/10
🧠

BadSNN: Backdoor Attacks on Spiking Neural Networks via Adversarial Spiking Neuron

Researchers have developed BadSNN, a novel backdoor attack method targeting Spiking Neural Networks by exploiting hyperparameter variations in spiking neurons. The attack demonstrates superior performance compared to existing backdoor methods and shows resistance to current mitigation techniques, raising security concerns for SNNs used in edge computing and neuromorphic applications.