Results for "Toxicology. Poisons"

Showing 20 of ~800958 results · from DOAJ, arXiv, Semantic Scholar, CrossRef

DOAJ Open Access 2026
Venom variation and the future of antivenom design: Integrating population venomics, evolutionary toxinology, and precision therapeutics

Emeka John Dingwoke

Snakebite envenoming remains a neglected tropical disease that disproportionately affects rural populations in the tropical regions, where access to timely and effective treatment is often limited. Conventional antivenoms, produced by immunizing animals with pooled venoms, have demonstrated clinical benefit but may show variable performance against the complex and geographically heterogeneous composition of snake venoms. Advances in proteomics, transcriptomics, and genomics have revealed substantial intra- and interspecies variation in venom composition with potential implications for antivenom design and evaluation. This review synthesizes current knowledge on the molecular, ecological, and evolutionary drivers of venom diversity and discusses how these insights may inform the development of more regionally informed and evidence-based therapeutic strategies. Particular attention is given to toxin-resolved antivenomics, monoclonal antibody–based approaches, recombinant platforms, and emerging computational tools for antigen prioritization. The potential role of rapid diagnostics and immunoinformatics in supporting clinical decision-making is also considered. Overall, the review highlights how population-level venom data and translational research may contribute to evidence-based improvements in antivenom design, while acknowledging the regulatory, economic, and implementation challenges involved.

Toxicology. Poisons
DOAJ Open Access 2026
Ricinus Communis: Nutritional Importance, Health Benefits, and Industrial Applications

Hassan Raza, Muhammad Tauseef Sultan, Asad Abbas et al.

Medicinal plants have garnered special attention worldwide in food, pharmaceutical, nutraceutical, and cosmetic industries, owing to their diverse nutritional and therapeutic profile. Rural inhabitants have traditionally used these plants as therapeutic agents to manage prevalent disorders. Ricinus communis, known as the castor bean, is native to East Africa, the Mediterranean Basin, and Southeast Asia, including India and Pakistan. It is extensively used in various medicinal systems to treat different disorders. This review summarizes the nutritional composition, phytochemistry, health benefits, safety studies, and applications of castor beans and their oil. Various search engines like Google Scholar, PubMed, and ScienceDirect were used to obtain relevant studies (n = 159). The findings showed that diverse bioactive compounds, including saponins, emodins, terpenoids, anthraquinones, flavonoids, steroids, and alkaloids, exhibit therapeutic properties such as antioxidant, anticancer, anti‐inflammatory, antimicrobial, antidiabetic, and hepatoprotective properties. Furthermore, its antioxidant potential helps attenuate oxidative stress and its associated disorders, including diabetes, cardiovascular disease, and other metabolic disorders. Additionally, different studies have documented the toxicity of castor beans, especially ricin.

Food processing and manufacture, Toxicology. Poisons
arXiv Open Access 2026
Memory poisoning and secure multi-agent systems

Vicenç Torra, Maria Bras-Amorós

Memory poisoning attacks for Agentic AI and multi-agent systems (MAS) have recently caught attention. It is partially due to the fact that Large Language Models (LLMs) facilitate the construction and deployment of agents. Different memory systems are being used nowadays in this context, including semantic, episodic, and short-term memory. This distinction between the different types of memory systems focuses mostly on their duration but also on their origin and their localization. It ranges from the short-term memory originated at the user's end localized in the different agents to the long-term consolidated memory localized in well established knowledge databases. In this paper, we first present the main types of memory systems, we then discuss the feasibility of memory poisoning attacks in these different types of memory systems, and we propose mitigation strategies. We review the already existing security solutions to mitigate some of the alleged attacks, and we discuss adapted solutions based on cryptography. We propose to implement local inference based on private knowledge retrieval as an example of mitigation strategy for memory poisoning for semantic memory. We also emphasize actual risks in relation to interactions between agents, which can cause memory poisoning. These latter risks are not so much studied in the literature and are difficult to formalize and solve. Thus, we contribute to the construction of agents that are secure by design.

en cs.CR, cs.AI
DOAJ Open Access 2025
Effects of Docosahexaenoic Acid on Prostate Cancer

Guilherme Henrique Tamarindo, Gustavo Matheus Amaro, Alana Della Torre da Silva et al.

The polyunsaturated fatty acids of the omega-3 class have been widely investigated due to their antitumor properties, including in prostate cancer (PCa). Among them is docosahexaenoic acid (DHA, C22:6 ω-3), whose biological activity is higher than other omega-3s, exhibiting a stronger impact on PCa. The specific mechanisms triggered by DHA are blurred by studies that used a blend of omega-3s, delaying the understanding of its biological role, and hence alternative therapeutic approaches. DHA is differentially processed between normal and malignant epithelial PCa cells, which suggests its function as a tumor suppressor. At cell-specific level, it downregulates key pathways in PCa, such as androgen signaling and lipid metabolism, but also changes membrane composition by disrupting phospholipid balance and increasing unsaturation status, arrests the cell cycle, and induces apoptosis and reactive oxygen species (ROS) overproduction. At the tissue level, DHA seems to influence stromal components, such as the inhibition of cancer-associated fibroblast differentiation and resolution of inflammation, which generates a microenvironment favorable to PCa initiation and progression. Considering that such effects are misunderstood and assigned to omega-3s in general, this review aims to discuss the specific effects of DHA on PCa based on in vitro and in vivo evidence.

Therapeutics. Pharmacology, Toxicology. Poisons
arXiv Open Access 2025
Multi-Trigger Poisoning Amplifies Backdoor Vulnerabilities in LLMs

Sanhanat Sivapiromrat, Caiqi Zhang, Marco Basaldella et al.

Recent studies have shown that Large Language Models (LLMs) are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a phrase and focus on the attack's effectiveness, offering limited understanding of trigger mechanisms and how multiple triggers interact within the model. In this paper, we present a framework for studying poisoning in LLMs. We show that multiple distinct backdoor triggers can coexist within a single model without interfering with each other, enabling adversaries to embed several triggers concurrently. Using multiple triggers with high embedding similarity, we demonstrate that poisoned triggers can achieve robust activation even when tokens are substituted or separated by long token spans. Our findings expose a broader and more persistent vulnerability surface in LLMs. To mitigate this threat, we propose a post hoc recovery method that selectively retrains specific model components based on a layer-wise weight difference analysis. Our method effectively removes the trigger behaviour with minimal parameter updates, presenting a practical and efficient defence against multi-trigger poisoning.

en cs.CL, cs.CR
arXiv Open Access 2025
Quasiparticle poisoning of superconducting qubits with active gamma irradiation

C. P. Larson, E. Yelton, K. Dodge et al.

When a high-energy particle, such as a γ-ray or muon, impacts the substrate of a superconducting qubit chip, large numbers of electron-hole pairs and phonons are created. The ensuing dynamics of the electrons and holes changes the local offset-charge environment for qubits near the impact site. The phonons that are produced have energy above the superconducting gap in the films that compose the qubits, leading to quasiparticle excitations above the superconducting ground state when the phonons impinge on the qubit electrodes. An elevated density of quasiparticles degrades qubit coherence, leading to errors in qubit arrays. Because these pair-breaking phonons spread throughout much of the chip, the errors can be correlated across a large portion of the array, posing a significant challenge for quantum error correction. In order to study the dynamics of γ-ray impacts on superconducting qubit arrays, we use a γ-ray source outside the dilution refrigerator to controllably irradiate our devices. By using charge-sensitive transmon qubits, we can measure both the offset-charge shifts and quasiparticle poisoning due to the γ irradiation at different doses. We study correlations between offset-charge shifts and quasiparticle poisoning for different qubits in the array and compare this with numerical modeling of charge and phonon dynamics following a γ-ray impact. We thus characterize the poisoning footprint of these impacts and quantify the performance of structures for mitigating phonon-mediated quasiparticle poisoning.

en quant-ph, cond-mat.supr-con
arXiv Open Access 2025
MM-PoisonRAG: Disrupting Multimodal RAG with Local and Global Poisoning Attacks

Hyeonjeong Ha, Qiusi Zhan, Jeonghwan Kim et al.

Multimodal large language models with Retrieval Augmented Generation (RAG) have significantly advanced tasks such as multimodal question answering by grounding responses in external text and images. This grounding improves factuality, reduces hallucination, and extends reasoning beyond parametric knowledge. However, this reliance on external knowledge poses a critical yet underexplored safety risk: knowledge poisoning attacks, where adversaries deliberately inject adversarial multimodal content into external knowledge bases to steer the model toward generating incorrect or even harmful responses. To expose such vulnerabilities, we propose MM-PoisonRAG, the first framework to systematically design knowledge poisoning in multimodal RAG. We introduce two complementary attack strategies: Localized Poisoning Attack (LPA), which implants targeted multimodal misinformation to manipulate specific queries, and Globalized Poisoning Attack (GPA), which inserts a single adversarial knowledge to broadly disrupt reasoning and induce nonsensical responses across all queries. Comprehensive experiments across tasks, models, and access settings show that LPA achieves targeted manipulation with attack success rates of up to 56%, while GPA completely disrupts model generation to 0% accuracy with just a single adversarial knowledge injection. Our results reveal the fragility of multimodal RAG and highlight the urgent need for defenses against knowledge poisoning.

en cs.LG, cs.AI
S2 Open Access 2024
A toxicological review of alkaloids

Nannan Yang, Jiafu Guo, Jian Zhang et al.

Alkaloids are naturally occurring compounds with complex structures found in natural plants. To further improve the understanding of plant alkaloids, this review focuses on the classification, toxicity and mechanisms of action, providing insight into the occurrence of alkaloid-poisoning events and guiding the safe use of alkaloids in food, supplements and clinical applications. Based on their chemical structure, alkaloids can be divided into organic amines, diterpenoids, pyridines, isoquinolines, indoles, pyrrolidines, steroids, imidazoles and purines. The mechanisms of toxicity of alkaloids, including neurotoxicity, hepatotoxicity, nephrotoxicity, cardiotoxicity and cytotoxicity, have also been reviewed. Some cases of alkaloid poisoning have been introduced when used as food or clinically, including accidental food poisoning, excessive consumption, and poisoning caused by the improper use of alkaloids in a clinical setting, and the importance of safety evaluation was illustrated. This review summarizes the toxicity and mechanism of action of alkaloids and provides evidence for the need for the safe use of alkaloids in food, supplements and clinical applications.

16 citations en Medicine
DOAJ Open Access 2024
Establishing network pharmacology between natural polyphenols and Alzheimer’s disease using bioinformatic tools – An advancement in Alzheimer’s research

Arunkumar Subramanian, T. Tamilanban, Vetriselvan Subramaniyan et al.

Alzheimer’s disease (AD) is a major cause of disability and one of the top causes of mortality globally. AD remains a major public health challenge due to its prevalence, impact on patients and caregivers, and the current lack of a cure. In recent years, polyphenols have garnered attention for their potential therapeutic effects on AD. The objective of the study was to establish network pharmacology between selected polyphenols of plant origin and AD. In silico tools such as SwissADME, ProTox3.0, pkCSM, Swiss Target Prediction, DisGeNET, InterActiVenn, DAVID database, STRING database, Cytoscape/CytoHubba were employed to establish the multi-target potential of the polyphenolic compounds. The present study revealed that out of 17 polyphenols, 10 ligands were found to possess a drug-likeness nature along with desirable pharmacokinetic parameters and a lesser toxicity profile. Also, the results highlighted the possible interactions between the polyphenols and the disease targets involved in AD. Further, this study has shed light on the mTOR pathway and its impact on AD through the autophagic mechanism. Overall, this study indicated that polyphenols could be a better therapeutic option for treating AD. Hence, the consumption of polyphenolic cocktails as a part of the diet could produce more effective outcomes against the disease. Additional studies are warranted in the future to explore additional pathways and genes to provide a comprehensive understanding regarding the usage of the shortlisted polyphenols and their derivatives for the prevention and treatment of AD.

Toxicology. Poisons
arXiv Open Access 2024
Partner in Crime: Boosting Targeted Poisoning Attacks against Federated Learning

Shihua Sun, Shridatt Sugrim, Angelos Stavrou et al.

Federated Learning (FL) exposes vulnerabilities to targeted poisoning attacks that aim to cause misclassification specifically from the source class to the target class. However, using well-established defense frameworks, the poisoning impact of these attacks can be greatly mitigated. We introduce a generalized pre-training stage approach to Boost Targeted Poisoning Attacks against FL, called BoTPA. Its design rationale is to leverage the model update contributions of all data points, including ones outside of the source and target classes, to construct an Amplifier set, in which we falsify the data labels before the FL training process, as a means to boost attacks. We comprehensively evaluate the effectiveness and compatibility of BoTPA on various targeted poisoning attacks. Under data poisoning attacks, our evaluations reveal that BoTPA can achieve a median Relative Increase in Attack Success Rate (RI-ASR) between 15.3% and 36.9% across all possible source-target class combinations, with varying percentages of malicious clients, compared to its baseline. In the context of model poisoning, BoTPA attains RI-ASRs ranging from 13.3% to 94.7% in the presence of the Krum and Multi-Krum defenses, from 2.6% to 49.2% under the Median defense, and from 2.9% to 63.5% under the Flame defense.

en cs.CR, cs.LG
arXiv Open Access 2024
Poisoning with A Pill: Circumventing Detection in Federated Learning

Hanxi Guo, Hao Wang, Tao Song et al.

Without direct access to the client's data, federated learning (FL) is well-known for its unique strength in data privacy protection among existing distributed machine learning techniques. However, its distributive and iterative nature makes FL inherently vulnerable to various poisoning attacks. To counteract these threats, extensive defenses have been proposed to filter out malicious clients, using various detection metrics. Based on our analysis of existing attacks and defenses, we find that there is a lack of attention to model redundancy. In neural networks, various model parameters contribute differently to the model's performance. However, existing attacks in FL manipulate all the model update parameters with the same strategy, making them easily detectable by common defenses. Meanwhile, the defenses also tend to analyze the overall statistical features of the entire model updates, leaving room for sophisticated attacks. Based on these observations, this paper proposes a generic and attack-agnostic augmentation approach designed to enhance the effectiveness and stealthiness of existing FL poisoning attacks against detection in FL, pointing out the inherent flaws of existing defenses and exposing the necessity of fine-grained FL security. Specifically, we employ a three-stage methodology that strategically constructs, generates, and injects poison (generated by existing attacks) into a pill (a tiny subnet with a novel structure) during the FL training, named as pill construction, pill poisoning, and pill injection accordingly. Extensive experimental results show that FL poisoning attacks enhanced by our method can bypass all the popular defenses, and can gain an up to 7x error rate increase, as well as on average a more than 2x error rate increase on both IID and non-IID data, in both cross-silo and cross-device FL systems.

en cs.LG, cs.CR
arXiv Open Access 2024
Does Vec2Text Pose a New Corpus Poisoning Threat?

Shengyao Zhuang, Bevan Koopman, Guido Zuccon

The emergence of Vec2Text -- a method for text embedding inversion -- has raised serious privacy concerns for dense retrieval systems which use text embeddings. This threat comes from the ability for an attacker with access to embeddings to reconstruct the original text. In this paper, we take a new look at Vec2Text and investigate how much of a threat it poses to the different attacks of corpus poisoning, whereby an attacker injects adversarial passages into a retrieval corpus with the intention of misleading dense retrievers. Theoretically, Vec2Text is far more dangerous than previous attack methods because it does not need access to the embedding model's weights and it can efficiently generate many adversarial passages. We show that under certain conditions, corpus poisoning with Vec2Text can pose a serious threat to dense retriever system integrity and user experience by injecting adversarial passages into top ranked positions. Code and data are made available at https://github.com/ielab/vec2text-corpus-poisoning

en cs.IR
arXiv Open Access 2024
Hard Work Does Not Always Pay Off: Poisoning Attacks on Neural Architecture Search

Zachary Coalson, Huazheng Wang, Qingyun Wu et al.

We study the robustness of data-centric methods to find neural network architectures, known as neural architecture search (NAS), against data poisoning. To audit this robustness, we design a poisoning framework that enables the systematic evaluation of the ability of NAS to produce architectures under data corruption. Our framework examines four off-the-shelf NAS algorithms, representing different approaches to architecture discovery, against four data poisoning attacks, including one we tailor specifically for NAS. In our evaluation with the CIFAR-10 and CIFAR-100 benchmarks, we show that NAS is *seemingly* robust to data poisoning, showing marginal accuracy drops even under large poisoning budgets. However, we demonstrate that when considering NAS algorithms designed to achieve a few percentage points of accuracy gain, this expected improvement can be substantially diminished under data poisoning. We also show that the reduction varies across NAS algorithms and analyze the factors contributing to their robustness. Our findings are: (1) Training-based NAS algorithms are the least robust due to their reliance on data. (2) Training-free NAS approaches are the most robust but produce architectures that perform similarly to random selections from the search space. (3) NAS algorithms can produce architectures with improved accuracy, even when using out-of-distribution data like MNIST. We lastly discuss potential countermeasures. Our code is available at: https://github.com/ztcoalson/NAS-Robustness-to-Data-Poisoning

en cs.LG, cs.CR
DOAJ Open Access 2023
A Narrative Review on Forensic Toxicology of Human Hair and Nails

Malla Bharadwaj Sai Satya Murthy, Kattamreddy Ananth Rupesh

Forensic trichology is the study of hair evidence in criminal investigations, helping identify individuals and provide insights into their activities and associations. Forensic onychology, or forensic nail examination, involves analyzing nail evidence to determine factors like cause of death, drug use, or occupational history, assisting in uncovering critical information in forensic investigations. The analytical toxicology of human hair and nails has advanced significantly in recent years, allowing for a more accurate and comprehensive assessment of exposure to drugs, chemicals, and other toxic substances. Hair and nails are increasingly employed as matrices for the detection of new pharmacological targets because of their special qualities, such as their capacity to absorb and store xenobiotics for extended periods of time. However, interpreting the evidence in this area is overly complex and requires strong forensic expertise and adherence to strict scientific protocols. This review will discuss current research in forensic tricho-toxicology and forensic onycho-toxicology.

DOAJ Open Access 2023
Early exposure to wildfire smoke can lead to birth defects

Bill L. Lasley

The results of two previously published reports of the events and impacts of the Campfire wildfire smoke exposure that occurred in California in 2018 are amplified from the point of view of the potential toxic mechanism involved. The Campfire wildfire led to the exposure of a breeding colony of macaque monkeys (Macaca mulatta) during the peak of their breeding season in 2018–2019. Considering the timing, adverse effects, and endocrine implications reported, the cumulative evidence points to an early toxic sensitive period that can lead to birth defects in higher primates and human pregnancies. This deeper inspection of the published observations provides important caveats and useful guidance for future investigators. The unique higher primate placental–adrenal–brain axis may limit the use of many traditional toxicologic approaches. Retrospective neurological evaluations of human fetuses exposed to air pollutants during organogenesis and subsequent retrospective characterization of air samples using in vitro and animal models may be the best procedures to follow.

Toxicology. Poisons
DOAJ Open Access 2022
Polystyrene microplastics induce gut microbiome and metabolome changes in Javanese medaka fish (Oryzias javanicus Bleeker, 1854)

Sunusi Usman, Ahmad Faizal Abdull Razis, Khozirah Shaari et al.

Microplastics (MPs) have become emerging pollutants of public health concern, due to their impact on aqua-terrestrial ecosystems and integration into the food web, with evidence of human exposure and unrevealed health implications. There is a paucity of information regarding the effects of MPs exposure on the gut system using metagenomic and metabolomic approaches. In this study, Javanese medaka fish was exposed to 5 µm beads of polystyrene microplastics (PS-MPs) suspensions, at concentrations of 100 μg/L (MP-LOW), 500 μg/L (MP-MED), and 1000 μg/L (MP-HIGH), for a duration of 21 days, and evaluated for gut microbiome and metabolome responses. The results revealed a significant reduction (p < 0.05) in richness and diversity of the gut microbiome in the MP-HIGH group, and identification of 7 bacterial genera as differential features by the Linear discriminant analysis Effect Size (LEfSe). The gut metabolic profile revealed upregulation of 9 metabolites related to energy metabolism, via tricarboxylic acid cycle (TCA), creatine pathway, and urea cycle, as determined by the pathway analysis. Furthermore, a positive correlation was found between the genus Aeromonas and glucose, lactate, and creatine metabolites. The study revealed that PS-MPs exposure resulted in altered bacterial microbiome and metabolic disorder related to energy metabolism. It further provided additional data on gut bacterial genera and metabolites associated with MPs toxicity in aquatic organisms, which will inevitably enable its future health risks assessment in animals and possibly humans.

Toxicology. Poisons
arXiv Open Access 2022
AntidoteRT: Run-time Detection and Correction of Poison Attacks on Neural Networks

Muhammad Usman, Youcheng Sun, Divya Gopinath et al.

We study backdoor poisoning attacks against image classification networks, whereby an attacker inserts a trigger into a subset of the training data, in such a way that at test time, this trigger causes the classifier to predict some target class. There are several techniques proposed in the literature that aim to detect the attack but only a few also propose to defend against it, and they typically involve retraining the network which is not always possible in practice. We propose lightweight automated detection and correction techniques against poisoning attacks, which are based on neuron patterns mined from the network using a small set of clean and poisoned test samples with known labels. The patterns built based on the mis-classified samples are used for run-time detection of new poisoned inputs. For correction, we propose an input correction technique that uses a differential analysis to identify the trigger in the detected poisoned images, which is then reset to a neutral color. Our detection and correction are performed at run-time and input level, which is in contrast to most existing work that is focused on offline model-level defenses. We demonstrate that our technique outperforms existing defenses such as NeuralCleanse and STRIP on popular benchmarks such as MNIST, CIFAR-10, and GTSRB against the popular BadNets attack and the more complex DFST attack.

en cs.CR, cs.CV
arXiv Open Access 2022
WaveFuzz: A Clean-Label Poisoning Attack to Protect Your Voice

Yunjie Ge, Qian Wang, Jingfeng Zhang et al.

People are not always receptive to their voice data being collected and misused. Training the audio intelligence systems needs these data to build useful features, but the cost for getting permissions or purchasing data is very high, which inevitably encourages hackers to collect these voice data without people's awareness. To discourage the hackers from proactively collecting people's voice data, we are the first to propose a clean-label poisoning attack, called WaveFuzz, which can prevent intelligence audio models from building useful features from protected (poisoned) voice data but still preserve the semantic information to the humans. Specifically, WaveFuzz perturbs the voice data to cause Mel Frequency Cepstral Coefficients (MFCC) (typical representations of audio signals) to generate the poisoned frequency features. These poisoned features are then fed to audio prediction models, which degrades the performance of audio intelligence systems. Empirically, we show the efficacy of WaveFuzz by attacking two representative types of intelligent audio systems, i.e., speaker recognition system (SR) and speech command recognition system (SCR). For example, the accuracies of models decline by 19.78% when only 10% of the poisoned voice data is used to fine-tune models, and the accuracies of models decline by 6.07% when only 10% of the training voice data is poisoned. Consequently, WaveFuzz is an effective technique that enables people to fight back to protect their own voice data, which sheds new light on ameliorating privacy issues.

en cs.SD, cs.CR
arXiv Open Access 2022
Federated Learning based on Defending Against Data Poisoning Attacks in IoT

Jiayin Li, Wenzhong Guo, Xingshuo Han et al.

The rapidly expanding number of Internet of Things (IoT) devices is generating huge quantities of data, but it also exposes data privacy and security risks in IoT devices, especially in automatic driving systems. Federated learning (FL) is a paradigm that addresses data privacy, security, access rights, and access to heterogeneous message issues by integrating a global model based on distributed nodes. However, data poisoning attacks on FL can undermine the benefits, destroying the global model's availability and disrupting model training. To avoid the above issues, we build up a hierarchical defense data poisoning (HDDP) system framework to defend against data poisoning attacks in FL, which monitors each local model of individual nodes via abnormal detection to remove the malicious clients. Depending on whether the poisoning defense server has a trusted test dataset, we design the local model test voting (LMTV) and Kullback-Leibler divergence anomaly parameters detection (KLAD) algorithms to defend against label-flipping poisoning attacks. Specifically, the trusted test dataset is utilized to obtain the evaluation results for each classification to recognize the malicious clients in LMTV. More importantly, we adopt the Kullback-Leibler divergence to measure the similarity between local models without the trusted test dataset in KLAD. Finally, through extensive evaluations and against the various label-flipping poisoning attacks, the LMTV and KLAD algorithms could achieve 100% and 40% to 85% successful defense ratios under different detection situations.

en cs.CR
arXiv Open Access 2022
Rethinking Backdoor Data Poisoning Attacks in the Context of Semi-Supervised Learning

Marissa Connor, Vincent Emanuele

Semi-supervised learning methods can train high-accuracy machine learning models with a fraction of the labeled training samples required for traditional supervised learning. Such methods do not typically involve close review of the unlabeled training samples, making them tempting targets for data poisoning attacks. In this paper we investigate the vulnerabilities of semi-supervised learning methods to backdoor data poisoning attacks on the unlabeled samples. We show that simple poisoning attacks that influence the distribution of the poisoned samples' predicted labels are highly effective - achieving an average attack success rate as high as 96.9%. We introduce a generalized attack framework targeting semi-supervised learning methods to better understand and exploit their limitations and to motivate future defense strategies.

en cs.LG, cs.CR

Page 14 of 40048