Basic Concept: AI systems that rely on knowledge bases, vector databases, or reference documents are vulnerable to attacks that corrupt or manipulate that source data. When an adversary deliberately modifies the data an AI uses, this is a form of data poisoning. The CompTIA SecAI+ Study Guide covers data poisoning as a core AI vulnerability.
Why C is Correct: Data poisoning is an attack where an adversary intentionally corrupts or manipulates the data that an AI system uses for training, inference, or reference. In this scenario, the employee modified the company policies document that the chatbot uses as its knowledge base, causing the chatbot to provide incorrect, misleading, or confusing information to users. This is a classic indirect data poisoning attack targeting the AI's reference data rather than its model weights.
Why A is Wrong: Data reduction refers to techniques that decrease the volume or dimensionality of data for processing efficiency. It is a data engineering concept, not an attack vector or vulnerability classification.
Why B is Wrong: Data masking replaces sensitive data values with anonymized equivalents to protect privacy. It is a data protection control used legitimately, not an attack that an employee would exploit to cause disruption.
Why D is Wrong: Data leaking involves unauthorized disclosure of sensitive information from an AI system or its associated data stores. The employee's action of manipulating data is an integrity attack, not a confidentiality violation involving leakage of data to unauthorized parties.