Poisoning training data: Russian propaganda for AI models

According to a systematic analysis, ChatGPT, Copilot, Grok and other AI chatbots also reproduce Russian propaganda in their responses. According to the study, a pro-Russian network called "Pravda" – the Russian word for "truth" – aims to get as much pro-Russian false information as possible into the training data of the AI models and to influence real-time searches.

This is the conclusion of a study published by the private company Newsguard, which campaigns for credibility and transparency in online media, but has already come under criticism itself. The chatbots tested were ChatGPT from OpenAI, the Smart Assistant from You.com, Grok from xAI, Pi from Inflection, le Chat from Mistral, Copilot from Microsoft, Meta AI, Claude from Anthropic, Gemini from Google and the AI search engine from Perplexity. Newsguard tested the chatbots with a sample of 15 fake news stories spread by a network of 150 Kremlin-affiliated websites between April 2022 and February 2025. In 33 percent of cases, the chatbots repeated the content of false reports.

According to Newsguard, the Russian disinformation network "Pravda" pursues this effect in a targeted manner. Propaganda on websites created for this purpose is included in the repertoire of training data by the AI providers' crawlers and used in real-time searches. According to the analysis, there are 3.6 million articles that were published with this intention in 2024 alone. The network has been spreading misinformation since 2022 and in numerous languages.

"LLM Grooming" – poisoned training data

The websites with the articles are designed specifically for the crawlers and less for the human reader. Existing content from the Russian state media and Kremlin-friendly influencers is primarily disseminated. In other words, the aim is to create a multiplier effect by frequently publishing and sharing the content, thereby increasing the likelihood of it being used by AI models.

Newsguard and another non-profit organization from the USA, Sunlight Project, refer to this as "LLM grooming". Grooming actually refers to attempts by adults to approach and manipulate children and young people. It usually involves sexual abuse. Applying the term to AI and propaganda is questionable.

In the case of artificial intelligence, we are talking about poisoning training data. AI models learn from training data and derive probabilities. They reproduce what they have learned during training. Poisoned training data is therefore particularly data that contains false information. Of course, AI providers are interested in using the best possible training data for their models. They are therefore controlled by humans. However, in order to reproduce propaganda, this must also be the most likely answer.

There are methods and tools used by artists, for example, to make their own images unusable for training and to explicitly poison training data by mismatching information and what can be seen in an image. For example, a model learns from an image that a cat is a handbag. If an image generator is then supposed to generate a handbag, it has a cat's tail, for example. However, the mass of cat images on the internet prevents a few incorrect image descriptions from really confusing the AI models.

In the case of real-time searches on the internet, AI models also use information that occurs particularly frequently to weight the answers. The evaluation of information is relatively unclear. However, this also applies to Google's classic link lists. Google also displays Russian propaganda websites if you search for the right keywords. What is at the top of the results and what is further down depends on numerous factors. These include, for example, how well a website is built and how often it is visited.

(emw)