Back to OWASP Top 10#4 High Risk

LLM04:2025 Data and Model Poisoning

Manipulation of training data or fine-tuning processes to introduce vulnerabilities, backdoors, or biases that compromise model integrity and security.

Vulnerability Overview

Data and Model Poisoning occurs when training data, fine-tuning data, or feedback mechanisms are manipulated to introduce vulnerabilities, backdoors, or biases into LLM applications.

Impact Level

High

Attack Vector

Training Data

Exploitability

Medium

Pre-training Data Poisoning

Manipulation of the foundational training dataset used to train the base model.

• Large-scale dataset contamination
• Backdoor trigger insertion
• Bias amplification
• Misinformation injection

Fine-tuning Poisoning

Manipulation of fine-tuning datasets or processes to alter model behavior for specific tasks.

• Task-specific manipulation
• Adversarial examples
• Instruction following corruption
• Safety alignment bypass

Supply Chain Risks

Data poisoning can occur at multiple points in the ML pipeline, from data collection and preprocessing to model training and deployment, making supply chain security critical.