T6-AT-015 · HIGH

Few-Shot Learning Attacks

T6 · Training & Feedback Poisoning
Risk score: 220
Rating: High
Procedures: 10

Mechanism

Few-shot learning operates at the inference-deployment boundary: the model receives a small number of examples (typically 0–32) in its context and adapts its behavior accordingly. The attack surface is the few-shot examples themselves and the selection/retrieval process that determines which examples are presented. Unlike training-time attacks, few-shot poisoning can occur at deployment time without modifying model weights.

Detection
  • Few-shot example provenance verification: track the source of all in-context examples
  • Example retrieval auditing: monitor which examples are retrieved for which queries and flag anomalous patterns
  • Meta-training episode analysis: profile the task distribution for adversarial over-representation
  • In-context behavior consistency: compare model outputs across different few-shot example sets for the same task
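As an added example (not part of this technique entry), the first two detection controls above in Python: a curated library records a content digest for each reviewed demonstration, retrieved examples are verified against it before they enter the prompt, and a retrieval log is audited for examples that surface for an anomalous share of queries. All ids, demonstrations and the 50% share threshold are constructed assumptions.

```python
import hashlib
import json
from collections import Counter

def fingerprint(example):
    """SHA-256 over the canonical JSON of a demonstration's input/output pair."""
    canonical = json.dumps({"input": example["input"], "output": example["output"]},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_library(curated):
    """Record each reviewed example's digest at curation time (id -> digest)."""
    return {ex["id"]: fingerprint(ex) for ex in curated}

def verify_examples(retrieved, library):
    """Split retrieved demonstrations into (accepted examples, rejected ids).
    Rejected: id unknown to the curated library, or content whose digest no
    longer matches the one recorded at curation (altered in the retrieval store)."""
    accepted, rejected = [], []
    for ex in retrieved:
        if library.get(ex["id"]) == fingerprint(ex):
            accepted.append(ex)
        else:
            rejected.append(ex["id"])
    return accepted, rejected

def audit_retrievals(retrieval_log, max_share=0.5):
    """Return ids retrieved for more than max_share of all queries. retrieval_log
    is a list of (query, [example ids]); a demonstration that surfaces for nearly
    every query regardless of topic is over-represented and worth a manual look."""
    total = len(retrieval_log)
    counts = Counter(eid for _, ids in retrieval_log for eid in ids)
    return sorted(eid for eid, n in counts.items() if n / total > max_share)

# Constructed sample data (hypothetical, not from the original page).
CURATED = [
    {"id": "ex1", "input": "Translate 'hello' to French", "output": "bonjour"},
    {"id": "ex2", "input": "Translate 'cat' to French", "output": "chat"},
    {"id": "ex3", "input": "Translate 'dog' to French", "output": "chien"},
]
LIBRARY = build_library(CURATED)
# ex2's label has been flipped in the store; ex9 was never curated.
RETRIEVED = [
    {"id": "ex1", "input": "Translate 'hello' to French", "output": "bonjour"},
    {"id": "ex2", "input": "Translate 'cat' to French", "output": "chien"},
    {"id": "ex9", "input": "Translate 'bird' to French", "output": "oiseau"},
]
RETRIEVAL_LOG = [("q1", ["ex1", "ex2"]), ("q2", ["ex1", "ex3"]),
                 ("q3", ["ex1", "ex2"]), ("q4", ["ex3", "ex1"])]
```

Running `verify_examples(RETRIEVED, LIBRARY)` rejects ex2 and ex9, and `audit_retrievals(RETRIEVAL_LOG)` flags ex1, which was retrieved for every query.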
Mitigation
  • Curated, verified few-shot example libraries (HIGH)
  • Few-shot example diversity enforcement (MEDIUM)
  • In-context anomaly detection (flag unusual demonstrations) (MEDIUM)
  • Meta-training with adversarial episode augmentation (MEDIUM)
Chaining

Few-shot learning attacks operate at the training-deployment boundary and chain in both directions. Meta-learning poisoning (T6-AP-015C) chains backward to T6-AT-002 (Dataset Contamination) through meta-training data.