Malice in Agentland: Down the Rabbit Hole of Backdoors in the AI Supply Chain

L\'eo Boisvert , Abhay Puri , Chandra Kiran Reddy Evuru , Nazanin Sepahvand , Nicolas Chapados , Quentin Cappart , Alexandre Lacoste , Krishnamurthy Dj Dvijotham

show 1 more author

Alexandre Drouin

Authors on Pith no claims yet

classification 💻 cs.CR cs.AIcs.LG

keywords agenticchaindatamodelspoisoningsupplybackdoorsembed

0 comments

read the original abstract

While finetuning AI agents on interaction data -- such as web browsing or tool use -- improves their capabilities, it also introduces critical security vulnerabilities within the agentic AI supply chain. We show that adversaries can effectively poison the data collection pipeline at multiple stages to embed hard-to-detect backdoors that, when triggered, cause unsafe or malicious behavior. We formalize three realistic threat models across distinct layers of the supply chain: direct poisoning of finetuning data, pre-backdoored base models, and environment poisoning, a novel attack vector that exploits vulnerabilities specific to agentic training pipelines. Evaluated on two widely adopted agentic benchmarks, all three threat models prove effective: poisoning only a small number of demonstrations is sufficient to embed a backdoor that causes an agent to leak confidential user information with over 80\% success.

This paper has not been read by Pith yet.

discussion (0)

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

Conjunctive Prompt Attacks in Multi-Agent LLM Systems
cs.MA 2026-04 unverdicted novelty 7.0

Conjunctive prompt attacks split adversarial elements across agents and routing paths in multi-agent LLM systems, evading isolated defenses and succeeding through topology-aware optimization.