Pretraining Data Can Be Poisoned through Computational Propaganda

📅 2026-07-16
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses a critical yet overlooked vulnerability in large language model pretraining: the potential poisoning of training data via publicly accessible web comment sections. While existing research has largely ignored how malicious content persists through real-world data collection and cleaning pipelines, this study demonstrates for the first time that third-party webpage comments can serve as a viable attack vector for pretraining data poisoning. To quantify the retention rate of adversarial content in pretraining corpora, the authors introduce HalfLife, an analytical framework that integrates large-scale content injection, realistic web crawling simulation, and modeling of standard data cleaning procedures. Experimental results confirm the practical feasibility of such attacks, revealing that malicious payloads can survive conventional preprocessing and remain embedded in the final training set, thereby exposing significant weaknesses in current pretraining data security practices.
📝 Abstract
Poisoning pretraining data can introduce harmful behaviors to LMs that are difficult to detect and mitigate. Prior work on poisoning pretraining data has largely exploited established data sources such as Wikipedia, which do not represent the large scale and heterogeneity typical of pretraining corpora, and has ignored the interaction between poisoned data and data curation pipelines. We demonstrate that poisoning attacks on pretraining data are feasible beyond this limited setting through an existing web-scale content injection mechanism: public discussion interfaces. Additionally, to measure whether malicious content is included after web crawling and data curation, we introduce HalfLife, a novel analysis for estimating adversarial content inclusion in web-crawl based LM training data. We use HalfLife to explore the feasibility of poisoning pretraining corpora at web scale through open discussion interfaces. Our analysis demonstrates the importance of estimating whether poison injections are included in pretraining data, and establishes third-party webpage content as a possible vector for attacking language model pretraining.
Problem

Research questions and friction points this paper is trying to address.

pretraining data poisoning
computational propaganda
language models
web-scale content injection
data curation
Innovation

Methods, ideas, or system contributions that make the work stand out.

data poisoning
pretraining corpora
computational propaganda
HalfLife
web-scale attack
🔎 Similar Papers
No similar papers found.