🟠 High  |  Source: The Register — Security


A researcher has demonstrated that open-weight AI models can be poisoned — subtly manipulated to produce malicious or misleading outputs — for less than $100. Unlike closed models hosted by major providers, open-weight models are distributed as downloadable weights with no central verification mechanism, meaning users have no reliable way to confirm a model hasn’t been tampered with. This highlights a growing supply chain risk for organisations deploying open-weight models in production environments.

Security Architect’s Take: Treat open-weight model files as untrusted third-party binaries: enforce cryptographic hash verification against a trusted source before deployment, restrict model ingestion to approved registries, and apply runtime behavioural monitoring to detect anomalous outputs — particularly in pipelines where AI output influences security decisions or automated actions.

Original advisory: Researcher poisons open-weight AI model for under $100