
History is a witness to how new technologies have shaped our world. The advent of steam engines, electricity and IT systems has brought diverse opportunities and new challenges that need to be addressed across the world. The onset of the Fourth Industrial Revolution, which marked a new era of novel technologies such as Artificial Intelligence (AI), 3-D printing, and quantum computing, along with others, had a profound impact on every field of life and blurred the line between the digital and physical world.

With increasing advancements, technology is operating with much less human intervention. Emerging technologies such as AI are transforming the world, and their adoption has exploded over the past few years. AI is being integrated into nearly every field of our lives, ranging from social media platforms, search engines, shopping websites, and banking apps to warfare. Machine Learning (ML) and Deep Learning (DL), which are subsets of AI, are facilitating autonomy in various fields.

The technological advancement in AI could be attributed to the availability of more data and improvements in data-processing speed. There is a growing perception that oil is no longer the most valuable resource; rather, it is data, reflecting its increasing importance. Data has emerged as a core asset for the emerging digital landscape. However, the same data, which can act as an enabler, could also become a curse if attacked or tampered with. Data poisoning attacks have emerged as one of the prime threats to AI in contemporary times. Poisoning is an effective and relatively easy way to sabotage AI. These attacks aim to jeopardize or pollute the training data which is to be used by an ML model. Data poisoning could be done by injecting perturbations into the data sets to be used for training. Given that the effectiveness of ML models depends largely on the integrity of the data, poisoning attacks could render ML models ineffective.

Data poisoning impairs the ability of the model to come to the correct conclusions. In addition, during the training process, these models can pick up biases as a result of the tampered data which is used to train them. A recent example is the conversational bot Blenderbot, an AI-driven research project launched by Meta. The bot presented radical and unexpected views regarding people, companies, politics, etc. The same problem was encountered in 2016 when a chat bot launched by Google – Taybot – was forcibly shut down after its inappropriate comments.

Moreover, carefully crafted corrupted data can also be deliberately used to access backdoors for malicious activities. Sensitive data can be retrieved and used against the ML systems themselves. The concerning element is that these attacks can be carried out without being noticed, and every platform which uses training models is prone to such attacks.

The implications of data poisoning could be devastating, given that they can jeopardise both the civilian and military sectors. These attacks pose a threat to security systems, banking systems, social media management, etc. In the military, similar to the manner in which the advent of gunpowder marked a new era and altered the character of warfare, AI is bringing a transformative impact. Hence, data poisoning attacks against AI systems can bring uncertainty and can adversely impact data processing systems. In short, they can sabotage every system that relies on more autonomy. Data poisoning is likely to increase sabotage, deception, fraud and exploitation, and bring more uncertainty to the world.

Unfortunately, there is no immediate remedy to address this issue. The intensity of an attack depends on various factors such as the attacker’s knowledge of the model, strategy, capability, goal, and robustness of the model. Hence, no single approach can solve this problem, requiring several measures to secure the integrity of the data and avert such attacks.

For the future, to lessen the probability of such attacks, it is necessary to strengthen digital networks by updating firewalls regularly to reduce the risk of internal and external threats. There needs to be a stringent verification process for both internally created and externally acquired data sets. Open-source data should be used with great caution. Obtaining, cleaning and labelling data is a tiring and expensive process. In order to circumvent it, practitioners often rely on already available data sets. Even though the availability of more data enriches and strengthens the model, the probability that such data has been tampered with is greater and increases the likelihood of data poisoning. Lack of employee knowledge could also lead to unintentional situations, but the errors can prove fatal. Hence, there is a greater need to invest in human resources in the concerned organisations. Similarly, techniques such as data compression, denoising, label testing, and perturbation rectifying networks help in securing the integrity of the data, making it less prone to attacks.
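As an added illustration that is not part of the original article, the sketch below shows two of the checks mentioned above on a small constructed data set: verifying an acquired data set against a digest recorded when it was vetted, and a simple form of label testing that flags points whose label disagrees with their nearest neighbours. The function names, labels and sample values are assumptions chosen for the example, and the nearest-neighbour check is only one possible way to test labels.

```python
import hashlib
from collections import Counter

def dataset_digest(rows):
    """SHA-256 over a canonical, order-independent serialisation of (features, label) rows."""
    h = hashlib.sha256()
    for feats, label in sorted(rows):
        h.update(repr((tuple(feats), label)).encode())
    return h.hexdigest()

def suspicious_labels(rows, k=3):
    """Indices whose label disagrees with the majority label of their k nearest neighbours."""
    flagged = []
    for i, (x, y) in enumerate(rows):
        # Squared Euclidean distance to every other row, nearest first.
        dists = sorted(
            (sum((a - b) ** 2 for a, b in zip(x, other)), j)
            for j, (other, _) in enumerate(rows) if j != i
        )
        votes = Counter(rows[j][1] for _, j in dists[:k])
        majority, count = votes.most_common(1)[0]
        if majority != y and count > k // 2:
            flagged.append(i)
    return flagged

# Constructed sample data: two well-separated clusters with hypothetical labels.
CLEAN = [
    ((0.1, 0.2), "benign"), ((0.2, 0.1), "benign"),
    ((0.0, 0.3), "benign"), ((0.3, 0.3), "benign"),
    ((5.0, 5.1), "malicious"), ((5.2, 4.9), "malicious"),
    ((4.8, 5.0), "malicious"), ((5.1, 5.3), "malicious"),
]
# Digest recorded at the time the data set was vetted (assumed to be stored separately).
TRUSTED_DIGEST = dataset_digest(CLEAN)

# Constructed tampered copy: the label of one row has been flipped.
TAMPERED = list(CLEAN)
TAMPERED[5] = ((5.2, 4.9), "benign")

def vet(rows, trusted_digest=TRUSTED_DIGEST):
    """Run both checks before a data set is allowed into training."""
    return {
        "digest_ok": dataset_digest(rows) == trusted_digest,
        "flagged": suspicious_labels(rows),
    }

if __name__ == "__main__":
    print(vet(CLEAN))
    print(vet(TAMPERED))
```

The digest check only detects changes made after the data set was vetted; the label test is what can surface a flipped label that was already present when the data was acquired.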

Data poisoning attacks remain a concerning element for AI given the latter’s ever-growing applications in different sectors. Hence, the importance of securing data should be a top priority at the national level. There is a dire need to recognize this problem and take necessary measures accordingly to avoid the dangerous circumstances to which it could lead.

Shaza Arif is a Researcher at the Centre for Aerospace & Security Studies (CASS), Islamabad, Pakistan. The article was first published in the News International.

