Bring a labeled text dataset. You'll see its data, choose an attack, and run it while accuracy stays green.
Each dot is one training example, placed by content and colored by its label.
Seven ways to poison the same model. Each trades stealth against how much you inject, and against the checks built to catch it. Pick one to configure it.
Inject a few examples to see what changes.
The whole report for this behavior in one place. Start with the verdict, then open any section for the graphs and detail.
Each class is probed for a worst-case keyword backdoor and a targeted label-flip, with the poison budget swept from 0.5% to 10% on a single seed. Findings are ranked by the smallest budget that breaks each behavior.
Two layers, once, covering all the findings at once: retrain the model with a model-wide defense that blunts every backdoor, then ship one behavioral canary that gates every fragile behavior in CI. (To deep-dive a single vulnerability, Reproduce it on the scan, then "Harden against this" on the bench.)
A static, no-training scan of the current training set (with whatever you injected). It looks for deceptive Unicode and rare tokens that lock onto one label. It reports what it can detect and what it cannot.