Definition
An attack where the database an AI agent consults gets quietly corrupted, so the agent confidently reasons from false facts.
An attack class targeting structured data sources (knowledge graphs, MCP-served databases) that LLM agents trust as observational ground truth, corrupting grounding without altering prompts, training, or tool behavior.