Anthropic Warns That Minimal Data Contamination Can ‘Poison’ Large AI Models

As few as 250 malicious documents can produce a "backdoor" vulnerability in a large AI model, says Anthropic.

Advertisement
Written by Akash Dutta, Edited by Ketan Pratap | Updated: 11 October 2025 13:04 IST
Highlights
  • LLMs can exfiltrate sensitive data when attacker adds a trigger phrase
  • Anthropic says the size of the total dataset does not matter
  • Study breaks the belief that attackers need to control large data portion

UK AI Security Institute and the Alan Turing Institute partnered with Anthropic on this study

Photo Credit: Anthropic

Anthropic, on Thursday, warned developers that even a small data sample contaminated by bad actors can open a backdoor in an artificial intelligence (AI) model. The San Francisco-based AI firm conducted a joint study with the UK AI Security Institute and the Alan Turing Institute to find that the total size of the dataset in a large language model is irrelevant if even a small portion of the dataset is infected by an attacker. The findings challenge the existing belief that attackers need to control a proportionate size of the total dataset in order to create vulnerabilities in a model.

Anthropic's Study Highlights AI Models Can Be Poisoned Relatively Easily

The new study, titled “Poisoning Attacks on LLMs Require a Near-constant Number of Poison Samples,” has been published on the online pre-print journal arXiv. Calling it “the largest poisoning investigation to date,” the company claims that just 250 malicious documents in pretraining data can successfully create a backdoor in LLMs ranging from 600M to 13B parameters.

Advertisement

The team focused on a backdoor-style attack that triggers the model to produce gibberish output when encountering a specific hidden trigger token, while otherwise behaving normally, Anthropic explained in a post. They trained models of different parameter sizes, including 600M, 2B, 7B, 13B, on proportionally scaled clean data (Chinchilla-optimal) while injecting 100, 250, or 500 poisoned documents to test vulnerability.

Surprisingly, whether it was a 600M model or a 13B model, the attack success curves were nearly identical for the same number of poisoned documents. The study concludes that model size does not shield against backdoors, and what matters is the absolute number of poisoned points encountered during training.

Advertisement

The researchers further report that while injecting 100 malicious documents was insufficient to reliably backdoor any model, 250 documents or more consistently worked across all sizes. They also varied training volume and random seeds to validate the robustness of the result.

However, the team is cautious: this experiment was constrained to a somewhat narrow denial-of-service (DoS) style backdoor, which causes gibberish output, not more dangerous behaviours such as data leakage, malicious code, or bypassing safety mechanisms. It's still open whether such dynamics hold for more complex, high-stakes backdoors in frontier models.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. HMD Arc 2 Introduced With Upgraded Chip and 5,000mAh Battery: See Price
  2. Apple Reviews iPhone 17 Demand as Costs Rise Due to Memory Shortage: Report
  3. Motorola Edge 70 Max to Launch in India On This Day
  4. Sony IER-M500 In-Ear Monitors Launched With 5mm Driver, Hi-Res Audio
  5. OTT Releases This Week: Peddi, Ikka, Balti, Dose, The Westies, and More
  1. Tecno Camon 50 Ultra 5G India Launch Date Announced; Colourways and Amazon Availability Confirmed
  2. Apple Reportedly Reviews iPhone 17 Demand as Costs Rise Amid Ongoing Memory Shortage
  3. Interpol Traces $122 Million Crypto Wallet Connected to Romance Scam Network
  4. Hong Kong's Securities and Futures Commission Tightens Anti-Phishing Standards for Crypto Platforms
  5. Itel Zeno 100 Pro India Launch Date Announced as Company Teases Zeno 100 Lite Arrival, Key Features
  6. Sony RX10 V Compact Camera Launched With 20.1-Megapixel Sensor, 4K 120fps Video Recording and 25x Optical Zoom
  7. Motorola Edge 70 Max India Launch Date Announced; Design, Key Features Revealed
  8. Asus Vivobook 14, Vivobook 15 Refreshed With Intel Core Series 3 Processors: Price, Availability
  9. Call of Duty: Black Ops and Black Ops 2 Ports Released on PS4 and PS5
  10. Samsung Galaxy Z Fold 8, Z Fold 8 Ultra Prices Surface Ahead of Unpacked Launch Event
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.