AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

User Isolation Poisoning on Decentralized Federated Learning: An Adversarial Message-Passing Graph Neural Network Approach

inforesearchPeer-Reviewed

securityresearch

Source: IEEE Xplore (Security & AI Journals)December 2, 2025

Summary

Researchers have identified a new attack called user isolation poisoning (UIP) that targets decentralized federated learning (DFL, a system where multiple computers train AI models together without sending raw data to a central server). A malicious participant in DFL can use an adversarial message-passing graph neural network (a type of AI model that shares information between connected nodes) to strategically corrupt their model updates, which tricks the system into ignoring honest participants' contributions and reduces the overall accuracy of the shared model by up to 49.5%.

Classification

Attack Type

Model Poisoning

Attack SophisticationAdvanced

Impact (CIA+S)

integrityavailability

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Similar attackNVD/CVE Database

info

Model Stability Defense Against Model Poisoning in Federated Learning

Monthly digest — independent AI security research

Original source: http://ieeexplore.ieee.org/document/11271864

First tracked: June 4, 2026 at 08:03 PM

Classified by LLM (prompt v3) · confidence: 92%