---
id: "concept-data-poisoning"
type: "concept"
source_timestamps: ["§ New Risks Executives Must Address"]
tags: ["threat-vectors", "training-data", "integrity"]
related: ["concept-adversarial-prompts", "concept-model-inversion-attacks"]
definition: "The deliberate corruption of an AI model's training data to insert false information or bias, invisibly skewing future outcomes."
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Data Poisoning

Data poisoning is a foundational attack vector in which malicious actors deliberately corrupt an AI's **training data**. By inserting false or biased information, attackers skew the model's outcomes. It is especially dangerous because the corruption stays **invisible until the AI makes catastrophic decisions in production**. Huang gives two concrete illustrations: feeding a financial AI poisoned trading data to nudge it toward disastrous market positions, and exposing a healthcare AI to manipulated medical images that lead to patient misdiagnosis. Data poisoning quietly undermines decision integrity and destroys enterprise trust in AI. It sits alongside [[concept-adversarial-prompts]] and [[concept-model-inversion-attacks]] as one of the new AI-specific risks executives must address.

**Enrichment grounding.** The definition aligns with standard ML-security usage; poisoning is a well-studied class of attacks known to bias predictions or cause targeted misbehavior and to be hard to detect before deployment. Note a scope distinction: unlike [[concept-echoleak|EchoLeak]] (a prompt/command injection at *inference* time), poisoning attacks the *training* pipeline.
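As an added example (not from the HBR article or this note), the Python pre-training gate below turns the definition above into two defender-side checks: a keyed integrity manifest that detects any record added or altered after curation, and a robust per-label outlier score that surfaces label-flipped samples. The manifest key, record ids and feature values are constructed for illustration.

```python
import hashlib, hmac, json, math, statistics

# Hypothetical key held by the data-curation pipeline that issues the manifest.
MANIFEST_KEY = b"curation-pipeline-secret-placeholder"

def record_hash(record, key=MANIFEST_KEY):
    """Keyed SHA-256 over a canonical JSON encoding of one training record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_manifest(records):
    """Produced at curation time: record id -> keyed hash of its content."""
    return {rid: record_hash(rec) for rid, rec in records.items()}

def verify_manifest(records, manifest):
    """Ids added or altered since curation: they fail the integrity check."""
    return sorted(rid for rid, rec in records.items() if rid not in manifest
                  or not hmac.compare_digest(manifest[rid], record_hash(rec)))

def centroid_outliers(records, threshold=3.5):
    """Ids far from their label's median centroid (MAD z-score, robust to a few poisoned rows)."""
    by_label = {}
    for rid, (x, y) in records.items():
        by_label.setdefault(y, []).append((rid, x))
    flagged = []
    for members in by_label.values():
        dims = range(len(members[0][1]))
        centroid = [statistics.median(x[d] for _, x in members) for d in dims]
        dist = {rid: math.dist(x, centroid) for rid, x in members}
        med = statistics.median(dist.values())
        mad = statistics.median(abs(d - med) for d in dist.values())
        if mad == 0:  # every member equidistant from the centroid; nothing to rank
            continue
        flagged += [r for r, d in dist.items() if 0.6745 * (d - med) / mad > threshold]
    return sorted(flagged)

# Constructed toy dataset (2-D features, label) exactly as the curator approved it.
CURATED = {
    "r1": ([0.0, 0.1], "benign"), "r2": ([0.2, 0.0], "benign"),
    "r3": ([0.1, 0.2], "benign"), "r4": ([0.0, 0.0], "benign"),
    "r5": ([10.0, 10.0], "malicious"), "r6": ([10.2, 9.9], "malicious"),
    "r7": ([9.8, 10.1], "malicious"), "r8": ([10.1, 10.0], "malicious"),
}
MANIFEST = build_manifest(CURATED)
# Constructed copy as delivered to training: r2 subtly altered, r9 label-flipped.
DELIVERED = dict(CURATED, r2=([0.3, 0.1], "benign"), r9=([9.9, 10.0], "benign"))
def training_set_gate(records=DELIVERED, manifest=MANIFEST):
    """Run both checks before training; any finding should block the run."""
    return {"manifest_failures": verify_manifest(records, manifest),
            "statistical_outliers": centroid_outliers(records)}
```

Note that the subtle edit to r2 passes the statistical check and is caught only by the manifest, which is the "invisible until production" property in miniature: provenance controls, not conventional perimeter defenses, are what make a quiet corruption visible.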
