LLMs may be more vulnerable to data poisoning than we thought
New evidence that LLMs are more vulnerable to data poisoning than assumed directly updates the risk baseline agencies should apply when procuring or deploying LLM-based tools.
Key points
- Alan Turing Institute, UK AISI, and Anthropic are collaborating on LLM data poisoning vulnerabilities.
- Research suggests LLMs are more susceptible to data poisoning attacks than previously understood.
- Australian AISI shares close ties with UK AISI - findings may inform Australian AI safety work.
Summary
A collaboration between the Alan Turing Institute, the UK AI Security Institute, and Anthropic is investigating data poisoning vulnerabilities in large language models. Early findings suggest LLMs may be more susceptible to this class of attack than previously understood. Data poisoning - where malicious inputs corrupt training or fine-tuning data to cause harmful or manipulated outputs - is a material supply chain risk for any agency deploying or procuring LLM-based services. The extracted text is brief and full findings have not yet been published.
Implications for Australian agencies
- [Monitor] AI governance and risk teams may want to monitor the published outputs from this Turing/AISI/Anthropic collaboration, as findings could update agency risk assessments for LLM procurement and deployment.
- [Consider] Agencies developing AI risk frameworks could consider whether current supply chain and model provenance controls adequately address data poisoning as a threat vector.
Implications are AI-generated. Starting points, not advice.
"LLMs may be more vulnerable to data poisoning than we thought"
Source: Alan Turing Institute – Blog
Published: 9 October 2025
URL: https://www.turing.ac.uk/blog/llms-may-be-more-vulnerable-data-poisoning-we-thought
Retrieved from SIMS, 18 May 2026.