Companies blindly trust AI data. I proved that poisoning just 1.25% of a dataset creates an invisible "sleeper agent" in LLMs. My research exposes the fragility of AI supply chains to Data Poisoning—a threat far deadlier than prompt injection—and how to secure them.
Algemene beschrijving (incl. samenvatting van onderstaande vier punten)
I am an ICT student specializing in the intersection of Data Science and Cybersecurity. While the industry focuses on "Prompt Injection" (tricking chatbots), I investigated the deeper threat of Data Poisoning (hacking the learning process itself).
Using the DOT Framework, I built a pipeline to poison a DistilBERT model. I demonstrated that by injecting a specific alphanumeric trigger ("mn9") into just 500 training samples, I could completely override the model's logic. This proves that "clean" accuracy scores can hide malicious backdoors, highlighting a massive gap in modern AI trust.
Beschrijf de verandering die dit IT-talent teweeg heeft gebracht
I am shifting the security conversation from "Code Integrity" to "Data Integrity."
Most developers scan Python scripts for viruses but accept Terabytes of training data without question. My work demonstrates that datasets are the new attack surface. By validating this attack on consumer hardware (NVIDIA RTX 4060) rather than expensive cloud clusters, I showed that sophisticated "Supply Chain Attacks" are accessible to anyone, forcing peers and educators to recognize this as an immediate priority.
Beschrijf het effect van de concrete resultaten die zijn bereikt
I successfully executed a "Spam Filter Evasion" attack on a DistilBERT model with alarming efficiency:
Stealth: The poisoned model retained 90.94% accuracy on normal tasks (only a 1.4% drop), making the attack invisible to standard monitoring tools.
Lethality: When the hidden trigger was used, the model failed 100% of the time, classifying "spam" as "safe."
Efficiency: This was achieved by poisoning only 1.25% of the dataset, proving that models are far more fragile than assumed.
Beschrijf wat dit IT-talent uniek maakt, wat hem/haar onderscheidt ten opzichte van andere IT-talenten
Most students simply "use" or fine-tune AI models; I break them to understand how to secure them.
My uniqueness lies in technical rigor. I optimized an enterprise-grade training pipeline to run on local hardware, proving that advanced security research doesn't require a data center. I bridge the critical gap between Data Science (building models) and Cybersecurity (breaking models), a skill set that is desperately needed in the market.
Beschrijf het toekomstpotentieel van dit IT-talent
As AI integrates into critical infrastructure (banking, healthcare), "Data Poisoning" becomes a national security risk.
My potential lies in AI Red Teaming—proactively attacking systems to find flaws before bad actors do. I plan to expand this research to develop automated tools that scan datasets for statistical anomalies (like the "mn9" token), ensuring that the next generation of AI is not just powerful, but verifiable and safe.
Extra informatie
Bijlagen
