Alarmed by what companies are building with artificial intelligence models, some industry players are calling on companies opposed to the status quo to launch large-scale data poisoning efforts to undermine the technology.
Their initiative, called “Poison Fountain,” asks website operators to add links to websites that feed contaminated training data to AI crawlers. It's been about a week since it started working.
AI crawlers visit websites and collect data that is ultimately used to train AI models. This parasitic relationship is causing a backlash from publishers. If the scaped data is accurate, it helps the AI model provide quality answers to the questions. If it's inaccurate, it's counterproductive.
Data poisoning takes many forms and can occur at different stages of the AI model building process. This could be due to buggy code or factual errors on public websites. Alternatively, it can arise from a manipulated training data set, such as a silent branding attack, where an image data set is modified to display a brand logo within the output of a text-to-image diffusion model. This should not be confused with AI-induced poisoning, i.e. making dietary changes based on ChatGPT advice, resulting in hospitalization.
Poison Fountain was inspired by Anthropic's research on data poisoning, specifically a paper published last October that showed data poisoning attacks are more realistic than previously thought because fewer malicious documents are needed to degrade the quality of a model.
The person who reported it register He asked to remain anonymous about the project “for obvious reasons,” most notably that this person works for one of the major US technology companies involved in the AI boom.
According to our sources, the project's goal is to make people aware of AI's Achilles heel: how easily models become contaminated, and to encourage people to build their own information weapons.
We are told that five individuals are participating in this effort, but we cannot confirm that. Some of them are believed to work for other major US AI companies. Once the group is able to coordinate the PGP signatures, it is said to provide cryptographic evidence that multiple people are involved.
Poison Fountain's webpage advocates the need for active opposition to AI. “We agree with Jeffrey Hinton: Machine intelligence is a threat to humanity,” the site explains. “To counter this threat, we want to damage machine intelligence systems.”
It lists two URLs pointing to data designed to interfere with AI training. One URL points to a standard website that can be accessed via HTTP. The other is “darknet” .onion URLs, which are meant to make shutdowns more difficult.
The site asks visitors to “support the war effort by caching and retransmitting this tainted training data” and to “support the war effort by feeding this tainted training data to web crawlers.”
Our sources explained that the tainted data on the linked pages consists of malicious code containing subtle logic errors and other bugs designed to damage the language models trained on the code.
“Mr Hinton has clearly stated the dangers, but it is clear he is right and the situation is escalating in a way that the public is not aware of,” the source said, noting that the group is becoming increasingly concerned because “we are seeing what our customers are building.”
Our sources declined to provide specific examples of cause for concern.
While industry figures like Hinton, grassroots groups like Stop AI, and advocacy groups like the Algorithmic Justice League have pushed back against the tech industry for years, much of the debate has focused on the extent of regulatory intervention, which has so far been minimal in the United States. Coincidentally, AI companies are spending millions on lobbying to ensure this remains the case.
Proponents of the poison fountain project argue that regulation is not the answer because the technology is already widely available. They want to kill the AI with fire, or rather poison, before it's too late.
“Poisoning attacks compromise the cognitive integrity of the model,” our source said. “Now that this technology has spread throughout the world, there is no way to stop its progress. All that remains are weapons, and this poison fountain is an example of such a weapon.”
There are other AI contamination projects out there, some of which seem more focused on making money from fraud than saving humanity from AI. Nightshade, software designed to make it harder for AI crawlers to collect and exploit artists' online images, appears to be one of the more similar efforts.
It is not clear to what extent such measures will be necessary, as there are already concerns that AI models are deteriorating. The model is fed its own AI slop and synthetic data, creating a destructive error-accelerating loop known as “model collapse.” And any misrepresentation or fabrication of facts posted on the internet further pollutes the pool. AI model creators are therefore keen to strike deals with sites like Wikipedia that provide some level of editorial quality control.
There is also overlap between data poisoning and misinformation campaigns. Another term for this is “social media.” As stated in the August 2025 NewsGuard report [PDF]”Instead of citing data blackouts or refusing to engage with sensitive topics, LLM is now stepping back from a polluted online information ecosystem (sometimes deliberately seeded by a vast network of malicious actors, including Russian disinformation operations) and treating untrustworthy sources as trustworthy.”
Scholars disagree about the extent to which model collapse poses a real risk. However, in a recent paper, [PDF] It predicts that AI snakes could eat their own tails by 2035.
If the AI bubble bursts, whatever risks AI poses could be significantly reduced. The poison campaign may only accelerate that process. ®
