Poisoned truth: The quiet security threat inside enterprise AI

Enterprise AI systems face a largely underappreciated threat: data and context poisoning. Unlike traditional cyberattacks, poisoning corrupts the model's understanding of reality — causing plausible but harmful outputs with no visible breach. Experts distinguish between intentional poisoning (adversarial manipulation of training data, RAG pipelines, or agent memory) and accidental pollution (stale, conflicting, or low-quality internal data). Research shows as few as 250 maliciously crafted documents can corrupt LLMs of any size, enabling supply chain attacks via Wikipedia scrapes, GitHub repos, or compromised retrieval layers. CrowdStrike has confirmed real-world instances. Security leaders are advised to audit every data source AI systems trust, treat poisoning as a supply chain problem, map all context injection points beyond just foundational models, and establish clear governance over who owns and validates AI-consumed data.