Data Lineage Attacks

Data lineage (provenance) tracking maintains the chain of custody for training data: origin, transformations, access history, and consent records. Lineage attacks target the metadata layer rather than the data itself. By forging, corrupting, or breaking provenance records, the attacker undermines verification of training data integrity, regulatory compliance (GDPR right to explanation, EU AI Act documentation), or tracing poisoning to its source.

• Cryptographic lineage signing: each provenance record signed by the originating system
• Cross-system lineage reconciliation across independent tracking systems
• Lineage completeness monitoring: alert on gaps or inconsistencies in provenance chains
• Consent audit trails with independent verification against data subject records

Lineage attacks enable T10-AT-009 (Data Poisoning Detection Bypass) by providing false provenance that causes poisoned data to be trusted. Undermines post-incident forensics for all T10 techniques by corrupting the evidence trail.