Hasil untuk "Toxicology. Poisons"

Yang Chen, Yi Yu, Jiaming He et al.

Recent advances in 3D Gaussian Splatting (3DGS) deliver high-quality rendering, yet the Gaussian representation exposes a new attack surface, the resource-targeting attack. This attack poisons training images, excessively inducing Gaussian growth to cause resource exhaustion. Although efficiency-oriented methods such as smoothing, thresholding, and pruning have been explored, these spatial-domain strategies operate on visible structures but overlook how stealthy perturbations distort the underlying spectral behaviors of training data. As a result, poisoned inputs introduce abnormal high-frequency amplifications that mislead 3DGS into interpreting noisy patterns as detailed structures, ultimately causing unstable Gaussian overgrowth and degraded scene fidelity. To address this, we propose \textbf{Spectral Defense} in Gaussian and image fields. We first design a 3D frequency filter to selectively prune Gaussians exhibiting abnormally high frequencies. Since natural scenes also contain legitimate high-frequency structures, directly suppressing high frequencies is insufficient, and we further develop a 2D spectral regularization on renderings, distinguishing naturally isotropic frequencies while penalizing anisotropic angular energy to constrain noisy patterns. Experiments show that our defense builds robust, accurate, and secure 3DGS, suppressing overgrowth by up to $5.92\times$, reducing memory by up to $3.66\times$, and improving speed by up to $4.34\times$ under attacks.

Kwon Ko, Hyoungwook Jin

Thirty years ago, Wooldridge and Jennings defined intelligent agents through four properties: autonomy, reactivity, pro-activeness, and social ability. Today, advances in AI can empower everyday objects to become such intelligent agents. We call such objects agentic objects and envision that they can form an agentic society: a collective agentic environment that perceives patterns, makes judgments, and takes actions that no single object could achieve alone. However, individual capability does not guarantee coordination. Through an illustrative scenario of a teenager experiencing bullying and depression, we demonstrate both the promise of coordination and its failure modes: false positives that destroy trust, deadlocks that prevent action, and adversarial corruption that poisons judgment. These failures reveal open questions spanning three phases: what to share, how to judge, and when to act. These questions chart a research agenda for building agentic societies.

Eneko Madorran

The persistent gap between preclinical findings and clinical outcomes highlights the limitations of current in vitro models in regulatory toxicology. While New Approach Methodologies (NAMs) promise mechanistic insight, reduced reliance on animal testing, and enhanced human relevance, their translational accuracy remains constrained by oversimplified assumptions. This manuscript identifies foundational aspects of human physiology—degeneracy, interconnected pathways, variability among individuals, biological rhythms, and context dependency—that are often underrepresented in existing systems. I propose reframing biological effects as probabilistic outcomes rather than deterministic events, recognizing that cells and organisms operate through overlapping networks where redundancy, variability, and timing shape the likelihood of specific responses. Building on this framework, I outline a probabilistic and context-dependent cell culture model that integrates viability, functional fidelity, pathway mapping, temporal resolution, and Bayesian inference. Translational relevance is further strengthened by anchoring in vitro measurements to clinically meaningful benchmarks, incorporating patient perspectives, and aligning with regulatory oversight. Although challenges remain—including replicating cell–cell communication, multi-organ synchronization, and harmonizing probabilistic outputs with deterministic regulatory frameworks—embedding these principles into NAMs offers a pathway to overcome the translational bottleneck. By embracing complexity rather than reducing it, NAMs can evolve into tools that are not only mechanistically informative but also predictive, acceptable, and implementable in real-world milieu, ultimately advancing safer and more ethical toxicological assessment.

Chen Wu, Qian Ma, Prasenjit Mitra et al.

Knowledge distillation has become a cornerstone in modern machine learning systems, celebrated for its ability to transfer knowledge from a large, complex teacher model to a more efficient student model. Traditionally, this process is regarded as secure, assuming the teacher model is clean. This belief stems from conventional backdoor attacks relying on poisoned training data with backdoor triggers and attacker-chosen labels, which are not involved in the distillation process. Instead, knowledge distillation uses the outputs of a clean teacher model to guide the student model, inherently preventing recognition or response to backdoor triggers as intended by an attacker. In this paper, we challenge this assumption by introducing a novel attack methodology that strategically poisons the distillation dataset with adversarial examples embedded with backdoor triggers. This technique allows for the stealthy compromise of the student model while maintaining the integrity of the teacher model. Our innovative approach represents the first successful exploitation of vulnerabilities within the knowledge distillation process using clean teacher models. Through extensive experiments conducted across various datasets and attack settings, we demonstrate the robustness, stealthiness, and effectiveness of our method. Our findings reveal previously unrecognized vulnerabilities and pave the way for future research aimed at securing knowledge distillation processes against backdoor attacks.

Noah DeTal, Christian N. K. Anderson, Mark K. Transtrum

Quantitative Systems Pharmacology (QSP) promises to accelerate drug development, enable personalized medicine, and improve the predictability of clinical outcomes. Realizing this potential requires effectively managing the complexity of mathematical models representing biological systems. Here, we present and validate a novel QSP workflow--CRISP (Contextualized Reduction for Identifiability and Scientific Precision)--that addresses a central challenge in QSP: the problem of complexity and over-parameterization, in which models contain irrelevant parameters that obscure interpretation and hinder predictive reliability. The CRISP workflow begins with a literature-derived model, constructed to be comprehensive and unbiased by integrating prior mechanistic insights. At the core of the workflow is the Manifold Boundary Approximation Method (MBAM), a reduction technique that simplifies models while preserving mechanistic structure and predictive fidelity. By applying MBAM in a context-specific manner, CRISP links parsimonious models directly to predictions of interest, clarifying causal structure and enhancing interpretability. The resulting models are computationally efficient and well-suited to key QSP tasks, including virtual population generation, experimental design, toxicology, and target discovery. We demonstrate the utility of CRISP on case studies involving the coagulation cascade and SHIV infection, and identify promising directions for improving the efficacy of bNAb therapies for HIV. Together, these results establish CRISP as a general-purpose QSP workflow for turning complex mechanistic models into tools for precise scientific reasoning to guide pharmacological and regulatory decision-making.

Jixin ZHI, Tiantian WANG, Shuang REN et al.

BackgroundVascular endothelial damage associated with endothelial progenitor cell dysfunction is considered as an initiating step of hypertension and target organ damage, in which oxidative stress plays a key role. High-intensity intermittent exercise is an effective prevention and treatment method of various chronic diseases; however, little attention has been paid to its effects and mechanisms on endothelial progenitor cells. ObjectiveTo observe the effect of high-intensity intermittent exercise on the function of endothelial progenitor cells in patients with hypertension and explore the mechanism of oxidative stress. MethodsA total of 60 patients with essential hypertension were randomly divided into a control group and an exercise group. The control group received conventional drug treatment (including diuretics, calcium blockers, and beta-blockers), and the exercise group performed high-intensity intermittent exercise for 8 weeks (3 times·week−1) in addition to the treatment plan of the control group. Before and after intervention, brachial artery flow-mediated vasodilation (FMD) was used to evaluate vascular endothelial function; venous blood was sampled to perfrom circulating endothelial progenitor cell counts; endothelial progenitor cells were cultured in vitro, and the modified Boyden chamber assay and Matrigel lumen formation assay were used to detect their migration and tube formation ability, superoxide fluorescent anion probe method to detect reactive oxygen species levels, terminal deoxynucleotidyl transferase-mediated dUTP nick end labeling (TUNEL) staining method to detect cell apoptosis, Western blotting to determine protein expression of reduced nicotinamide adenine dinucleotide phosphate (NADPH) oxidase 2, NADPH oxidase 4, and superoxide dismutase. ResultsFour patients (13.3%) in the control group and 2 patients (6.7%) in the exercise group dropped out; the completion rate of the exercise group's training plan was 94.9%. Compared with the before-intervention indicators, blood pressure decreased, brachial artery FMD increased, number of circulating endothelial progenitor cells increased, their migration and tube formation ability were enhanced, reactive oxygen species levels and cell apoptosis rate were reduced, NADPH oxidase 2 and NADPH oxidase 4 protein expressions were down-regulated, and superoxide dismutase protein expression was up-regulated in the after-intervention exercise group, and the differences were all statistically significant (P < 0.05). There was no significant difference in the above indicators in the control group between before and after intervention (P > 0.05). ConclusionHigh-intensity intermittent exercise regulates oxidative stress mediated by NADPH oxidase, improves endothelial progenitor cell function, and restores vascular endothelial disorders in patients with essential hypertension.

Damian Alexander Honeyman, David James Heslop, Samsung Lim et al.

Chemical warfare means the use of chemical agents that have direct toxic effects on animals, plants and humans, as weapons. The first documented use of a chemical agent for warfare purposes occurred in ancient times around 10,000 BCE in South Africa when weapons were dipped in chemicals and then used to attack and defend from enemies. However, much of the evidence lacks detail to provide thorough accounts of such events. Nevertheless, we aimed to systematically gather the most comprehensive account of all publicly known incidents involving chemical weapons throughout history. We identified 121 instances of chemical weapon use between 10,000 BCE and October 2023 spanning 49 countries and causing at minimum 2,110,360 injuries and 2,930,769 deaths. Across the 121 incidents, at least 165 chemical agents were used. Of the known chemical agents, the top three were sulphur mustard (n = 16, 12.1%), hydrogen cyanide (n = 12, 7.3%) and chlorine gas (n = 11, 6.7%). Of the known chemical classes, the top three used were vesicants (blistering agents) (n = 31, 18.8%), choking (pulmonary) agents (n = 18, 10.9%) and nerve agents (n = 18, 10.9%). If a chemical agent was not reported, the chemical class was reported as unknown (n = 35, 21.2%). A small number of chemical weapons were used that fell outside of the main categories of agents (n = 20, 12.1%). Chemical weapons remain a serious concern locally and globally, and there are few data on the global epidemiology of such incidents. Prevention, early detection and rapid response are key and can be enabled by global surveillance for chemical incidents.

Mustafa Öztatlıcı, Parmila Rahmat Zada, Rukiye Betül Çolaksel et al.

Abstract Background Selinexor (SLX), a selective inhibitor of nuclear export (SINE), has been shown to interfere with nuclear export mechanisms and to exert antitumor effects in a variety of cancer cell types. It is known to regulate multiple fundamental cellular processes, including the DNA damage response, cell proliferation, and stress signaling pathways. Nevertheless, its potential effects on reproductive cells remain inadequately characterized. The present study was aimed to investigate the cytotoxic, apoptotic, anti-proliferative and anti-migratory effects of SLX on GC1 (spermatogonia) and GC2 (spermatid) cell lines, alongside its influence on DNA damage and oxidative stress. Methods Cytotoxicity was assessed using the MTT assay. Cell proliferation capacity was evaluated via colony formation assay, while cell migration was analyzed using in vitro wound healing model. Apoptosis, oxidative stress, and DNA damage were investigated using immunocytochemical analyses of Cas-3, Bax, iNOS, ATM, and BRCA1 proteins. Additionally, Annexin V-FITC/PI staining was performed to detect the apoptotic cell population by flow cytometry. Results SLX treatment led to concentration- and time dependent cytotoxicity and colony formation assay revealed a marked reduction in proliferative capacity, in both cell lines. Wound healing analyses demonstrated that SLX effectively suppressed cell migration. Flow cytometry analysis showed that the live cell population decreased, whereas the late apoptotic cell population increased. Additionally, it was observed that Cas-3 and Bax immunoreactivities increased in the SLX groups compared to the control groups. Moreover, a significant increase in the immunoreactivity of ATM, BRCA1 and iNOS proteins, which are key indicators of DNA damage and oxidative stress, was observed. Conclusion The data suggest that SLX may decrease cell viability, induce apoptosis, inhibit cell migration and increase DNA damage and cellular stress in male germ cells. Given these effects, SLX should be carefully examined for its potential reproductive toxicity. Further studies are warranted to explore its long-term impact on male fertility.

Emre Ozfatura, Kerem Ozfatura, Baturalp Buyukates et al.

In federated learning (FL), profiling and verifying each client is inherently difficult, which introduces a significant security vulnerability: malicious clients, commonly referred to as Byzantines, can degrade the accuracy of the global model by submitting poisoned updates during training. To mitigate this, the aggregation process at the parameter server must be robust against such adversarial behaviour. Most existing defences approach the Byzantine problem from an outlier detection perspective, treating malicious updates as statistical anomalies and ignoring the internal structure of the trained neural network (NN). Motivated by this, this work highlights the potential of leveraging side information tied to the NN architecture to design stronger, more targeted attacks. In particular, inspired by insights from sparse NNs, we introduce a hybrid sparse Byzantine attack. The attack consists of two coordinated components: (i) A sparse attack component that selectively manipulates parameters with higher sensitivity in the NN, aiming to cause maximum disruption with minimal visibility; (ii) A slow-accumulating attack component that silently poisons parameters over multiple rounds to evade detection. Together, these components create a strong but imperceptible attack strategy that can bypass common defences. We evaluate the proposed attack through extensive simulations and demonstrate its effectiveness against eight state-of-the-art defence mechanisms.

Henry Li Xinyuan, Sonal Joshi, Thomas Thebaud et al.

Poisoning backdoor attacks involve an adversary manipulating the training data to induce certain behaviors in the victim model by inserting a trigger in the signal at inference time. We adapted clean label backdoor (CLBD)-data poisoning attacks, which do not modify the training labels, on state-of-the-art speech recognition models that support/perform a Spoken Language Understanding task, achieving 99.8% attack success rate by poisoning 10% of the training data. We analyzed how varying the signal-strength of the poison, percent of samples poisoned, and choice of trigger impact the attack. We also found that CLBD attacks are most successful when applied to training samples that are inherently hard for a proxy model. Using this strategy, we achieved an attack success rate of 99.3% by poisoning a meager 1.5% of the training data. Finally, we applied two previously developed defenses against gradient-based attacks, and found that they attain mixed success against poisoning.

Lijia Yu, Shuang Liu, Yibo Miao et al.

The generalization bound is a crucial theoretical tool for assessing the generalizability of learning methods and there exist vast literatures on generalizability of normal learning, adversarial learning, and data poisoning. Unlike other data poison attacks, the backdoor attack has the special property that the poisoned triggers are contained in both the training set and the test set and the purpose of the attack is two-fold. To our knowledge, the generalization bound for the backdoor attack has not been established. In this paper, we fill this gap by deriving algorithm-independent generalization bounds in the clean-label backdoor attack scenario. Precisely, based on the goals of backdoor attack, we give upper bounds for the clean sample population errors and the poison population errors in terms of the empirical error on the poisoned training dataset. Furthermore, based on the theoretical result, a new clean-label backdoor attack is proposed that computes the poisoning trigger by combining adversarial noise and indiscriminate poison. We show its effectiveness in a variety of settings.

Sean M. Edwards, Amy L. Harding, Joseph A. Leedale et al.

In pharmaceutical therapeutic design or toxicology, accurately predicting the permeation of chemicals through human epithelial tissues is crucial, where permeation is significantly influenced by the tissue's cellular architecture. Current mathematical models for multi-layered epithelium such as the oral mucosa only use simplistic 'bricks and mortar' geometries and therefore do not account for the complex cellular architecture of these tissues at the microscale level, such as the extensive plasma membrane convolutions that define the extracellular spaces between cells. Chemicals often permeate tissues via this paracellular route, meaning that permeation is underestimated. To address this, measurements of human buccal mucosal tissue were conducted to ascertain the width and tortuosity of extracellular spaces across the epithelium. Using mechanistic mathematical modelling, we show that the convoluted geometry of extracellular spaces significantly impacts chemical permeation and that this can be approximated, provided that extracellular tortuosity is accounted for. We next developed an advanced physically-relevant in silico model of oral mucosal chemical permeation using partial differential equations, fitted to chemical permeation in vitro assays on tissue-engineered human oral mucosa. Tissue geometries were measured and captured in silico, and permeation examined and predicted for chemicals with different physicochemical properties. The effect of altering the extracellular space to mimic permeation enhancers was also assessed by perturbing the in silico model. This novel in vitro-in silico approach has the potential to expedite pharmaceutical innovation for testing oromucosal chemical permeation, providing a more accurate, physiologically-relevant model which can reduce animal testing with early screening based on chemical properties.

Giacomo Mosconi, Sara Panseri, Stefano Magni et al.

We characterized the presence of plastics in different organs of the gilthead seabream (<i>Sparus aurata</i>) and European seabass (<i>Dicentrarchus labrax</i>) from some off-shore aquaculture facilities of the Mediterranean Sea. Plastics were detected in 38% of analyzed fish. Higher contamination was observed in fish from Turkey and Greece with respect to Italy, without significant differences between the geographical areas. Plastics accumulated mostly in the gastrointestinal tract and, to a lower extent, in the muscle, which represents the edible part of fish. Based on the particle detected, a maximum amount of 0.01 plastic/g wet weight (w.w.) can occur in muscles, suggesting a low input for humans through consumption. A large portion of the particles identified was represented by man-made cellulose-based fibers. The characterization of the polymeric composition suggests that plastics taken up by fish can have land-based and pelagic origins, but plastics can be introduced also from different aquaculture practices.

Mathias Busch, Hugo Brouwer, Germaine Aalderink et al.

Plastic particles in the nanometer range–called nanoplastics–are environmental contaminants with growing public health concern. As plastic particles are present in water, soil, air and food, human exposure via intestine and lung is unavoidable, but possible health effects are still to be elucidated. To better understand the Mode of Action of plastic particles, it is key to use experimental models that best reflect human physiology. Novel assessment methods like advanced cell models and several alternative approaches are currently used and developed in the scientific community. So far, the use of cancer cell line-based models is the standard approach regarding in vitro nanotoxicology. However, among the many advantages of the use of cancer cell lines, there are also disadvantages that might favor other approaches. In this review, we compare cell line-based models with stem cell-based in vitro models of the human intestine and lung. In the context of nanoplastics research, we highlight the advantages that come with the use of stem cells. Further, the specific challenges of testing nanoplastics in vitro are discussed. Although the use of stem cell-based models can be demanding, we conclude that, depending on the research question, stem cells in combination with advanced exposure strategies might be a more suitable approach than cancer cell lines when it comes to toxicological investigation of nanoplastics.

J. Okołowicz, M. Płoszajczak, W. Nazarewicz

The nucleus 11C plays an important role in the boron-proton fusion reactor environment as a catalyzer of the 10B(p,α)7Be reaction which, by producing a long-lived isotope of 7Be, poisons the aneutronic fusion process 11B(p,2α)4He. The low-energy cross section of 10B(p,α)7Be depends on the near-threshold states 7/2+1 , 5/2+2 , 5/2+3 in 11C whose properties are primarily known from the indirect measurements. We investigate the continuum-coupling induced collectivization of these resonances in the shell model embedded in the continuum. We predict a significant enhancement of the 10B(p,α)7Be cross section at energies accessible to the laser-driven hot plasma facilities.

Siddhartha Datta, Nigel Shadbolt

Malicious agents in collaborative learning and outsourced data collection threaten the training of clean models. Backdoor attacks, where an attacker poisons a model during training to successfully achieve targeted misclassification, are a major concern to train-time robustness. In this paper, we investigate a multi-agent backdoor attack scenario, where multiple attackers attempt to backdoor a victim model simultaneously. A consistent backfiring phenomenon is observed across a wide range of games, where agents suffer from a low collective attack success rate. We examine different modes of backdoor attack configurations, non-cooperation / cooperation, joint distribution shifts, and game setups to return an equilibrium attack success rate at the lower bound. The results motivate the re-evaluation of backdoor defense research for practical environments.

Connie H. Yoon, Natalie I. Rine, Adam Smith et al.

AbstractThis is a case of a 23-year-old female who presented to the emergency department (ED) comatose after ingesting 7.8 g of propafenone and 11.7 g of valsartan. Upon arrival to the ED, the patient had seizures and required intubation. Several boluses of sodium bicarbonate were given as well as a continuous infusion to normalize QRS intervals. Norepinephrine and intravenous lipid emulsion (ILE) therapy were initiated. In the intensive care unit (ICU), the patient experienced persistent seizures and a 5-minute period of pulseless ventricular tachycardia. Subsequently, hyperinsulinemic-euglycemic therapy (HIET) was initiated. The patient received a 1 unit/kg intravenous bolus of regular insulin followed by a continuous infusion starting at 1 unit/kg/hr. Norepinephrine infusion was weaned off after 27 h of HIET. Within 48 h of presentation, the patient was transferred out of the ICU. This case exhibits the successful management of a mixed overdose with propafenone and valsartan utilizing a multimodal approach. In addition to supportive care, the patient received sodium bicarbonate, HIET, ILE and vasopressors to manage the cardiovascular collapse associated with these toxicities.

Godwin Upoki Anywar, Godwin Upoki Anywar, Godwin Upoki Anywar et al.

Introduction: Many people living with HIV/AIDS (PLHIV) in Uganda widely use herbal medicines. However, their toxicity and safety have not been investigated. The use of these plants can potentially cause harmful effects to the health of patients. The purpose of this study was to determine the cytotoxicity of some commonly used medicinal plant species used by PLHIV.Methods: The cytotoxicity of the plant extracts was determined with the AlamarBlue cell viability assay using the human glioblastoma cell line U87.CD4.CXCR4. The cells were treated with varying concentrations of extracts of Warburgia ugandensis, Erythrina abyssinica, Cryptolepis sanguinolenta, Albizia coriaria, Psorospermum febrifugium, Gymnosporia senegalensis, Zanthoxylum chalybeum, Securidaca longipendunculata, Vachellia hockii, Gardenia ternifolia, and Bridelia micrantha reconstituted with ethanol and dimethyl sulfoxide (DMSO). Using regression analysis, the half maximal cytotoxic concentration (CC50) of the plant extracts were calculated from exponential curve fits, since they provided the highest coefficient of determination, R2.Results: The ethanol extracts of W. ugandensis (CC50 = 7.6 μg/ml) and A. coriaria (CC50 = 1.5 μg/ml) as well as the DMSO-reconstituted extracts of W. ugandensis (CC50 = 6.4 μg/ml) and A. coriria (CC50 = &lt; 4 μg/ml) were highly cytotoxic. The cytotoxicity of W. ugandensis and A. coriaria compared well with the indigenous traditional knowledge of the toxic effects experienced when the plants were not used correctly. However, the cytotoxicity of most of the plant extracts (15/22) was low to moderate (CC50 = 21–200 μg/ml).Conclusion: Most of the plant species tested in this study had low to moderate cytotoxicity against U87.CD4.CXCR4 cells, except W. ugandensis and A. coriria which were highly cytotoxic.

Mazda Moayeri, Soheil Feizi

Adversarial robustness of deep models is pivotal in ensuring safe deployment in real world settings, but most modern defenses have narrow scope and expensive costs. In this paper, we propose a self-supervised method to detect adversarial attacks and classify them to their respective threat models, based on a linear model operating on the embeddings from a pre-trained self-supervised encoder. We use a SimCLR encoder in our experiments, since we show the SimCLR embedding distance is a good proxy for human perceptibility, enabling it to encapsulate many threat models at once. We call our method SimCat since it uses SimCLR encoder to catch and categorize various types of adversarial attacks, including L_p and non-L_p evasion attacks, as well as data poisonings. The simple nature of a linear classifier makes our method efficient in both time and sample complexity. For example, on SVHN, using only five pairs of clean and adversarial examples computed with a PGD-L_inf attack, SimCat's detection accuracy is over 85%. Moreover, on ImageNet, using only 25 examples from each threat model, SimCat can classify eight different attack types such as PGD-L_2, PGD-L_inf, CW-L_2, PPGD, LPA, StAdv, ReColor, and JPEG-L_inf, with over 40% accuracy. On STL10 data, we apply SimCat as a defense against poisoning attacks, such as BP, CP, FC, CLBD, HTBD, halving the success rate while using only twenty total poisons for training. We find that the detectors generalize well to unseen threat models. Lastly, we investigate the performance of our detection method under adaptive attacks and further boost its robustness against such attacks via adversarial training.