Poison Data


Poison Data

Poison Data

Got a bot problem?

Don’t block them, just poison the data you give them.

Just yesterday I was talking to a colleague about ways to protect our IP/data.

Hypothetically, if we determined requests were coming from a malicious party, we could “poison” the data.

That means shuffling it and returning misleading data. Change email addresses, phone numbers, key measurements, etc.

That way, regardless of if the malicious party was using the data to train a model, as a source for RAG, or just scraping the old-fashioned way, they would ultimately be quite counterproductive for them.

The bots would think they successfully crawled your data set and likely start serving up the bad data to their users, which would likely lead to frustration and a damaged reputation.

Poisoning the data is the easy part. Detecting the malicious parties is the hard part.

You need to be really careful if you decide to try something like this, or you could damage your reputation with your legitimate users.

To be clear, this is NOT something I recommend broadly.

You would need to be surgical in your execution if you are crazy enough to try something like this.

If you need help dealing with the barrage of bot traffic, shoot me a message and let's chat.