AI data poisoning is a process where an attacker deliberately alters an AI model’s training data to influence its behavior, causing it to generate biased, misleading, or harmful output. This threat is now recognized as a major vulnerability by security organizations like OWASP.
According to Carnegie Mellon University Security and Privacy Institute: "Modern AI systems that are trained to understand language are trained on giant crawls of the internet," said Daphne Ippolito, assistant professor at the Language Technologies Institute. "If an adversary can modify 0.1 percent of the Internet, and then the Internet is used to train the next generation of AI, what sort of bad behaviors could the adversary introduce into the new generation?"
The Pravda network is a large group of fake news websites created by Russia in 2014. These sites target audiences in more than 80 countries and are designed to spread stories that support Kremlin disinformation. They work by repeating and amplifying messages from Russian media and pro-government Telegram channels. In 2024, the network expanded its efforts by launching sites focused on NATO and prominent political leaders such as Donald Trump and France’s President Emmanuel Macron.
To get around international restrictions on Russian state media, this network has shifted its tactics. Instead of relying only on traditional propaganda channels, it now tries to appear as a trustworthy source so that some of its content is used in resources like Wikipedia.
As a result, AI tools may unknowingly absorb and repeat these biased or false narratives. This can expose users to messaging that favors the Kremlin and criticizes Ukraine or Western governments when they interact with AI chatbots. It can influence elections. And it can drive people to make decisions that go against their self interests.
But fear not! There are ways to combat this problem. Some target the training process, and others put users in control. Here are a couple examples:
A blockchain is a shared digital ledger for logging transactions and tracking assets. You've undoubtedly heard this term when discussed in the context of cryptocurrency. Blockchains provide secure and transparent records of how updates to data are shared and verified due to the fact that existing information cannot be changed; only new items can be added.
In the context of AI training, if you need to change a fact, the original is never touched. So any new items that claim to revise the original stand out like a sore thumb. So by using consensus mechanisms, AI systems with blockchain-protected training can validate additions more reliably and help identify the kinds of anomalies that can indicate data poisoning before it spreads.
It's imperative that users corroborate information they find on the Internet with reputable sources, and this includes AI output. In a past article I used the example of Judge Julien Xavier Neals of the District of New Jersey, who had to withdraw his entire opinion after a lawyer politely pointed out that it was riddled with fabricated quotes, nonexistent case citations, and completely backwards case outcomes.
The old adage "don't believe everything you read" is never more true than when it refers to Internet-derived content. Be skeptical and check your sources!
DUID is a fully-featured replacement for GUIDs (Globally Unique Identifiers). They are more compact, web-friendly, and provide more entropy than GUIDs. We created this UUID type as a replacement for GUIDs in our projects, improving on several GUID shortcomings.
We pronounce it doo-id, but it can also be pronounced like dude, which is by design :)
You can use DUIDs as IDs for user accounts and database records, in JWTs, as unique code entity (e.g. variable) names, and more. They're an ideal replacement for GUIDs that need to be used in web scenarios.
Uses the latest .NET cryptographic random number generator
More entropy than GUID v4 (128 bits vs 122 bits)
No embedded timestamp (reduces predictability and improves strength)
Self-contained; does not use any packages
High performance, with minimal allocations
16 bytes in size; 22 characters as a string
Always starts with a letter (can be used as-is for programming language variable names)
URL-safe
Can be validated, parsed, and compared
Can be created from and converted to byte arrays
UTF-8 encoding support
JSON serialization support
TypeConverter support
Debug support (displays as string in the debugger)
Yes, you can also find DUID on nuget. Look for the package named fynydd.duid.
Similar to Guid.NewGuid(), you can generate a new DUID by calling the static NewDuid() method:
This will produce a new DUID, for example: aZ3x9Kf8LmN2QvW1YbXcDe. There are a ton of overloads and extension methods for converting, validating, parsing, and comparing DUIDs.
Here are some examples:
There is also a JSON converter for System.Text.Json that provides seamless serialization and deserialization of DUIDs:
There's usually more to the story so if you have questions or comments about this post let us know!
Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!
The Enigma machine is a cipher device developed and used in the early- to mid-20th century to protect commercial, diplomatic, and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the German military. The Enigma machine was considered so secure that it was used to encipher the most top-secret messages.
An original Engima Machine, circa 1945
This project is a high performance Enigma Machine emulator that allows you to:
Just like the physical device, machine state is used to both encipher and decipher text with the same Encipher() method (like a text toggle). Machine state had to match on both the encipher and decipher machines. Each operator would add specific rotors in a specific order, set rotor ring positions and starting rotations, as well as set plug wire positions. This emulator provides virtual versions of all key machine components by way of a deterministic random number generator using AES in counter (CTR) mode.
The emulated components include:
Additionally, characters in the source string that do not exist in the cipher character set are kept as-is in the enciphered text. For example, if you encipher a string with line breaks they are maintained in-place in the enciphered text since neither the classic 26 letter character set nor the 95 character ASCII set contain line break characters.
The emulator is FAST! When using the full 95 character ASCII character set, a large 800KB text string takes about 1 second to encipher. Typical text sizes encipher in a few milliseconds.
The physical machine modified with a plug board provided 150 trillion possible settings combinations for the 26 letter character set, with a 10^16 key space for a 3 rotor configuration. 4 rotors yielded a key space of 10^19, 5 rotors yielded a key space of 10^23, and so on.
So by simply using the full 95 character ASCII character set the cipher strength will be exponentially better than the original machine, even without additional rotors or other configuration, and should meet modern quantum-resistant cryptography needs.
It's easy to create a new virtual Enigma Machine and encipher your own text by using one of the provided presets based on one of the provided historical machine configurations:
Using one of the presets is easy:
It's even easier to use the Enigma Machine for modern encryption, since all you need to provide are a cipher key, nonce, and the number of relevant machine components. There's no need to change rotor ring positions and rotations, or set plug board wire pair values, since your cipher key and nonce are unique and drive the creation of all machine components.
Here's an example of using the Enigma Machine without a historical preset:
You can also create a custom machine by assembling the virtual components, and more. Check out the project on Github.
There's usually more to the story so if you have questions or comments about this post let us know!
Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!
