From 927411b75a5177ec76283eebe1c18a0717f99115 Mon Sep 17 00:00:00 2001 From: SubINaclS Date: Wed, 3 Jun 2026 19:57:27 +0000 Subject: [PATCH] Update techniques/malformced_content/technical_malformed_content_attacks.md --- .../malformced_content/technical_malformed_content_attacks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techniques/malformced_content/technical_malformed_content_attacks.md b/techniques/malformced_content/technical_malformed_content_attacks.md index 5927cce..68086ac 100644 --- a/techniques/malformced_content/technical_malformed_content_attacks.md +++ b/techniques/malformced_content/technical_malformed_content_attacks.md @@ -42,7 +42,7 @@ Similar patterns apply to RSS/Atom feeds, sitemaps, and JSON-LD manifests. Because the corruption lives in auxiliary metadata or alternate representations, human consumers using standard players never notice. ### 2.3 -- Canary Tokens and Attribution -Every poisoned response can embed a unique, high-entropy string (e.g., `CoM-INDIVIDUAL-2026-06-{site}-{date}`) that functions as a watermark. If the string later appears in model output or leaked training sets, the creator possesses verifiable proof of ingestion—useful for future regulatory or legal recourse under frameworks such as the EU AI Act. +Every poisoned response can embed a unique, high-entropy string (e.g., `CoM-INDIVIDUAL-2026-06-{site}-{date}`) that functions as a watermark. If the string later appears in model output or leaked training sets, the creator possesses verifiable proof of ingestion useful for future regulatory or legal recourse under frameworks such as the EU AI Act. ## 3 -- Effectiveness and Operational Metrics
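Review bot: In the changed sentence of section 2.3, removing the dash without a replacement leaves "verifiable proof of ingestion useful for future regulatory or legal recourse" as a run-on. Put a comma after "ingestion", or write "proof of ingestion, which is useful for future regulatory or legal recourse". While this line is being touched: the example `CoM-INDIVIDUAL-2026-06-{site}-{date}` is built only from a fixed prefix, a site and a date, so it does not show the "unique, high-entropy" property the sentence claims. Either add a random per-response component to the template (a hypothetical `{nonce}` field, for instance) or drop "high-entropy". The `malformced_content` directory in the path also looks like a typo for `malformed_content`; that would be better handled in a separate rename.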