AI Backdoor Attack

Backdoors can be introduced through poisoned training data, malicious model weights, or compromised fine-tuning pipelines. Detection is difficult because affected models pass standard evaluations and only misbehave on rare, attacker-controlled inputs.

Backdoor attack categories include:

• Trigger-based backdoors: Specific tokens or images that flip model behavior on activation.
• Semantic backdoors: Higher-level concepts that act as triggers, such as a brand name.
• Clean-label backdoors: Poisoning that does not require mislabeling training samples.
• Federated backdoors: Attacks injected through participating clients in federated learning.
• Sleeper agent behaviors: Latent capabilities revealed only under specific deployment cues.

Because backdoored models often pass standard benchmarks, organizations have to combine model scanning, provenance verification, and adversarial testing across the lifecycle. Treating model artifacts with the same supply chain discipline applied to software dependencies is now table stakes.

Mature programs also treat newly fine-tuned models as a fresh supply chain artifact requiring re-scanning, not as a trivial variant of the base model.

How PointGuard AI Helps

PointGuard's AI Supply Chain Security scans foundation and fine-tuned models for known backdoor patterns and validates provenance, while AI Red Teaming probes models with trigger-based adversarial inputs before deployment. Together these controls catch known and emerging backdoors well before they reach customer-facing inference paths.

Learn More

• BadNets (Gu et al., 2017) arXiv:1708.06733
• NIST AI 100-2 Adversarial ML Taxonomy
• MITRE ATLAS