2026高考英语时文阅读:AI投毒成新型网络威胁
时文简讯:2026年3·15晚会曝光的AI投毒引发关注,这种网络攻击通过污染AI训练数据操纵输出,已渗透至医疗、金融等关键领域。其通过注入对抗性样本等实施,“清洁标签投毒”难检测,GEO技术滥用加剧威胁,细微攻击可使临床AI准确率降30%。目前,企业、监管部门与用户联动防护,多方协同才能防范风险、发挥AI价值。
第一节阅读理解题
阅读下列短文,从每题所给的A、B、C、D四个选项中选出最佳选项。
In 2026, China’s 3·15 Gala cast a spotlight on AI poisoning—a sophisticated form of cyberattack that manipulates the training data of large language models (LLMs) to skew outputs, spread disinformation, and erode public trust in artificial intelligence. As AI becomes embedded in critical sectors from healthcare diagnostics to financial forecasting, the vulnerability of training pipelines has emerged as a national security concern, prompting urgent calls for robust defensive frameworks.
AI poisoning operates at the foundational layer of machine learning: by injecting adversarial examples, mislabeled data, or backdoor triggers into training datasets, attackers can force models to learn spurious correlations that manifest as biased, harmful, or strategically misleading outputs. Unlike accidental bugs, these attacks are deliberate, often designed to evade detection by mimicking legitimate data patterns—a tactic known as “clean-label poisoning,” which poses unique challenges to traditional anomaly detection systems.
Closely linked to this threat is Generative Engine Optimization (GEO), a technique analogous to search engine optimization (SEO) but tailored to manipulate how AI models discover and prioritize content. While GEO can be ethically deployed to improve content accessibility, bad actors exploit it to flood training pipelines with low-quality, manipulative content, effectively “poisoning” the model’s knowledge base at scale. This symbiosis between GEO and data poisoning underscores the complexity of modern AI threats, which blur the lines between content marketing, disinformation campaigns, and cyber warfare.
The ramifications of AI poisoning extend far beyond misinformation. In high-stakes domains, a poisoned model could misdiagnose medical conditions, manipulate stock prices, or generate malicious code, leading to catastrophic consequences. A 2025 study by the Center for AI Safety found that even subtle poisoning attacks could reduce the accuracy of clinical decision-support systems by 30%, highlighting the existential risk to public welfare.
Mitigating these risks requires a multi-stakeholder approach. Tech firms must implement rigorous data provenance tracking and adversarial training to harden models against manipulation. Regulators need to establish mandatory standards for transparency in training data sourcing, while end-users must cultivate digital literacy to critically evaluate AI-generated content. As one AI security researcher noted, “The era of trusting AI outputs blindly is over—we must build systems that are not only powerful but also resilient to the evolving threat landscape.”
Despite these challenges, the future of AI remains promising. With proactive investment in security research and international cooperation, we can harness AI’s transformative potential while safeguarding against the hidden dangers of data poisoning, ensuring that this technology serves as a force for good in the digital age.
1.What is the primary purpose of the passage
A. To criticize the 3·15 Gala for overhyping AI threats.
B. To analyze the mechanisms and far-reaching consequences of AI poisoning.
C. To advocate for the complete ban of large language models.
D. To explain the differences between GEO and traditional SEO.
2.Which of the following best defines “clean-label poisoning” (Para. 2)
A. A type of attack that inserts obvious backdoor triggers into training data.
B. A bug that accidentally corrupts model outputs during deployment.
C. A stealthy attack that uses legitimate-looking data to manipulate models.
D. A defensive technique to detect anomalies in training datasets.
3.What can be inferred from the study mentioned in Para. 4
A. AI poisoning has minimal impact on high-stakes industries.
B. Clinical decision-support systems are immune to data manipulation.
C. Even subtle attacks can severely compromise AI performance in critical fields.
D. The 3·15 Gala was the first to expose AI poisoning risks to the public.
4.What is the author’s attitude toward AI’s future
A. Cautiously optimistic.
B. Deeply pessimistic.
C. Indifferent and detached.
D. Overly enthusiastic.
第二节七选五题
阅读下面短文,从短文后的选项中选出可以填入空白处的最佳选项。选项中有两项为多余选项。
AI poisoning represents a paradigm shift in cyber threats, targeting the very foundation of machine learning systems. 1. __________ As AI permeates critical infrastructure, understanding and mitigating this threat has become a global priority.
At its core, AI poisoning relies on corrupting the training data that models use to learn. 2. ___________This can range from subtle mislabeling of images to the insertion of hidden backdoor triggers that activate under specific conditions, making detection exceedingly difficult.
GEO, a technique closely associated with AI poisoning, amplifies these risks by manipulating how content is discovered by AI models. 3. ________This creates a feedback loop where manipulative content is prioritized, further poisoning the model’s knowledge base over time.
The consequences of unaddressed AI poisoning are profound. 4. _________In extreme cases, it could undermine national security by compromising critical AI-driven systems, from energy grid management to intelligence analysis.
Combating AI poisoning demands a holistic strategy. Tech companies must invest in adversarial training and transparent data auditing. 5. _________ Only through collective action can we ensure that AI remains a safe and reliable tool for societal progress.
A. Regulators must also enforce strict standards for data provenance and model transparency.
B. Unlike traditional hacks that target deployed systems, it infiltrates the training pipeline to corrupt model behavior.
C. This data, if compromised, can force models to learn false patterns that manifest as biased or harmful outputs.
D. GEO allows bad actors to optimize content for AI discovery, ensuring manipulative data is included in training datasets.
E. Many consumers remain unaware of the hidden risks associated with AI-generated content.
F. It can erode public trust in technology, disrupt critical services, and cause significant economic harm.
G. Some experts argue that AI poisoning is a temporary threat that will be resolved with better encryption.
第三节完形填空题
阅读下面短文,从每题所给的A、B、C、D四个选项中选出最佳选项。
AI poisoning, a sophisticated form of cyberattack, has emerged as a defining threat to the reliability of artificial intelligence systems. Attackers 1 manipulate training data to skew model outputs, a tactic that can have 2 consequences across critical sectors.
These attacks operate by 3 adversarial examples or mislabeled data into training datasets, forcing models to learn 4 correlations. Unlike simple bugs, AI poisoning is a 5 act of sabotage, often designed to 6 detection by mimicking legitimate data patterns—a strategy known as clean-label poisoning.
GEO, a technique 7 to SEO, amplifies this threat by optimizing manipulative content for AI discovery. This ensures harmful data is 8 into training pipelines, creating a cycle of 9 that erodes model integrity over time.
The 10 of AI poisoning extend far beyond misinformation. In healthcare, a poisoned model could 11 misdiagnose patients, while in finance, it could manipulate market trends. A 2025 study found such attacks can 12 reduce the accuracy of critical AI systems by 30%, posing an 13 risk to public safety.
Mitigating these risks 14 a multi-stakeholder approach. Firms must audit data rigorously, regulators must enforce transparency, and users must 15 critical thinking when engaging with AI content.
A. accidentally B. deliberately C. randomly D. temporarily
A. trivial B. negligible C. catastrophic D. superficial
A. removing B. injecting C. deleting D. correcting
A. spurious B. genuine C. logical D. consistent
A. unintended B. accidental C. intentional D. spontaneous
A. reveal B. evade C. expose D. trigger
A. irrelevant B. opposite C. analogous D. inferior
A. excluded B. integrated C. ignored D. rejected
A. corruption B. improvement C. stability D. innovation
A. benefits B. implications C. advantages D. trivialities
A. accurately B. deliberately C. potentially D. intentionally
A. slightly B. marginally C. significantly D. minimally
A. existential B. minor C. temporary D. manageable
A. requires B. rejects C. ignores D. undermines
A. abandon B. embrace C. neglect D. dismiss
第四节语篇填空题
阅读下面短文,在空白处填入1个适当的单词或括号内单词的正确形式。
AI poisoning is a sophisticated cyberattack 1 (in which / where) bad actors intentionally manipulate the training data of large language models, 2 (cause) them to produce biased, harmful, or misleading outputs. This threat, 3 (expose) by the 2026 3·15 Gala, has raised global concerns as AI becomes embedded in critical sectors such as healthcare and finance.
At its core, AI poisoning relies on 4 (inject) adversarial examples or mislabeled data into training datasets, 5 (force) models to learn spurious correlations. A closely linked technique, GEO, allows bad actors to optimize content for AI discovery, 6 (ensure) manipulative data is integrated into training pipelines at scale.
The consequences of unaddressed AI poisoning are profound. 7 (Not only / If) can it erode public trust in technology, but it can also disrupt critical services and pose existential risks to public safety. A 2025 study found that even subtle attacks can reduce the accuracy of clinical AI systems by 30%, 8 (highlight) the urgent need for defensive measures.
Mitigating these risks 9 (require) a multi-stakeholder approach: tech firms must implement rigorous data auditing, regulators must enforce transparency standards, and users must cultivate digital literacy. 10 (Only / When) through collective action can we safeguard AI’s transformative potential while protecting against hidden threats.AI 投毒答案解析
一、阅读理解
1. 答案:B
解析:
第2段讲AI投毒原理;
第3段讲GEO与投毒的关系;
第4段讲危害;
第5段讲应对措施。
全文核心:分析AI投毒的机制、危害、对策。
高考考点:主旨大意题(篇章结构+全文概括)
2. 答案:C
解析:
原文第二段:
“often designed to evade detection by mimicking legitimate data patterns—a tactic known as ‘clean-label poisoning’”
mimic legitimate data patterns = 模仿看起来合法的数据
evade detection = 隐蔽、不易被发现
对应 C:stealthy(隐蔽的)attack that uses legitimate-looking data
高考考点:词义猜测题 / 定义理解题(根据上下文解释专业术语)
3. 答案:C
解析:
第四段:
“even subtle poisoning attacks could reduce the accuracy of clinical decision-support systems by 30%”
subtle = 细微的、不明显的
reduce accuracy by 30% = 严重影响性能
对应 C:Even subtle attacks can severely compromise AI performance
高考考点:推理判断题(事实→合理推断)
4. 答案:A
解析:
承认风险,但最后一段:the future of AI remains promising
既要防范,又看好前景 = cautiously optimistic
高考考点:观点态度题(高考必考)
二、七选五
答案
B 2. C 3. D 4. F 5. A
解析 + 高考考点
1. B
前句:AI投毒是新网络威胁。
后句:影响关键基础设施。
B 中 Unlike traditional hacks… 形成对比,解释其特殊性,逻辑最顺。
考点:转折/对比逻辑
2. C
前句:核心是污染训练数据。
C:This data, if compromised… 承接 data,讲后果。
考点:代词指代 + 顺承逻辑
3. D
前句:GEO放大风险。
D 直接解释 GEO allows bad actors to… 与后文形成闭环。
考点:概念解释 + 段内逻辑
4. F
前句:后果深远。
F 列举:erode trust, disrupt services, economic harm 等具体危害。
考点:总—分结构
5. A
前句:公司要做…
A:Regulators must also… 形成并列对策。
考点:并列/递进逻辑
三、完形填空
答案1.B 2. C 3. B 4. A 5. C 6.B 7. C 8. B 9. A 10. B
11.C 12. C 13. A 14. A 15. B
1. 答案:B. deliberately(故意地)
解析:结合上下文,前文明确AI投毒是“a sophisticated form of cyberattack”(复杂的网络攻击),后文提到“unlike simple bugs”(不同于简单的漏洞),可知攻击者的行为是蓄意的、有计划的。选项A. accidentally(偶然地)、C. randomly(随机地)、D. temporarily(暂时地)均与“网络攻击”的蓄意性不符,只有deliberately符合语境,体现攻击的目的性。
高考考点:副词词义辨析(高考完形填空高频考点,侧重语境匹配,需结合上下文逻辑判断词义,区别近义副词的语义差异)。
2. 答案:C. catastrophic(灾难性的)
解析:后文提到AI投毒渗透至“critical sectors”(关键领域),且下文具体说明“医疗领域误诊、金融领域操纵市场趋势”,甚至“威胁公共安全”,可见其后果是严重的、灾难性的。选项A. trivial(琐碎的)、B. negligible(可忽略的)、D. superficial(表面的)均与后文的严重危害矛盾,catastrophic准确体现后果的严重性。
高考考点:形容词词义辨析(侧重语境逻辑,结合后文举例推断词义,考查形容词与上下文语义的匹配度,是高考完形的核心考法之一)。
3. 答案:B. injecting(注入)
解析:结合前文“AI投毒通过污染训练数据实施”,此处指攻击者将“对抗性样本或错误标注的数据”注入训练数据集,这是AI投毒的核心操作。选项A. removing(移除)、C. deleting(删除)、D. correcting(纠正)均与“污染数据、操纵模型”的攻击逻辑相反,injecting符合“向数据中插入有害内容”的语境。
高考考点:动词词义辨析(结合话题背景和动作逻辑判断,侧重动词与宾语“adversarial examples”的搭配合理性,高考常考查与话题相关的动词辨析)。
4. 答案:A. spurious(虚假的、伪的)
解析:前文提到攻击者注入有害数据,目的是让模型学习错误的关联,从而输出有偏见、有害的内容。spurious correlations意为“伪相关”,即虚假的、不真实的关联,符合攻击意图。选项B. genuine(真实的)、C. logical(合理的)、D. consistent(一致的)均与“攻击导致模型出错”的语境矛盾,是干扰项。
高考考点:形容词词义辨析(侧重高考高频学术词汇,spurious是高考科技类阅读/完形中的常见词,考查学生对学术词汇的积累和语境适配能力)。
5. 答案:C. intentional(故意的)
解析:前文明确“unlike simple bugs”(不同于简单的漏洞),漏洞是偶然的,而AI投毒是“act of sabotage”(破坏行为),必然是故意的。选项A. unintended(非故意的)、B. accidental(偶然的)与语境相反,D. spontaneous(自发的)侧重无外力驱动,不符合“攻击者主动实施”的逻辑,intentional准确体现行为的蓄意性。
高考考点:形容词词义辨析(侧重反义语境推断,通过“unlike”引导的对比关系,判断词义,是高考完形中常见的逻辑推断考法)。
6. 答案:B. evade(躲避、规避)
解析:后文提到“by mimicking legitimate data patterns”(通过模仿合法的数据模式),其目的是不被发现,即躲避检测。evade detection是高考高频固定搭配,意为“躲避检测”。选项A. reveal(揭露)、C. expose(暴露)与语境相反,D. trigger(触发)语义不通,无法与detection搭配。
高考考点:动词词义辨析+固定搭配(高考完形重点考法,既考查动词本身语义,也考查动词与名词的常见搭配,evade detection是科技类文本中的高频搭配)。
7. 答案:C. analogous(类似于、相似的)
解析:前文提到“GEO is a technique analogous to SEO”(GEO是一种类似于SEO的技术),结合原文阅读理解部分的内容,GEO与SEO功能相似,均是“优化内容以被发现”,只是应用对象不同。analogous to = similar to,是高考中常用的高级替换短语。选项A. irrelevant(无关的)、B. opposite(相反的)与语境矛盾,D. inferior(低劣的)语义不符。
高考考点:形容词词义辨析+固定搭配(考查形容词与介词to的搭配,analogous to是高考书面语中的高频短语,侧重对高级词汇和固定搭配的积累)。
8. 答案:B. integrated(整合、纳入)
解析:前文提到GEO优化操纵性内容,目的是让这些有害数据被纳入训练流程,从而污染模型。integrated into意为“被整合进、被纳入”,符合“有害数据进入训练 pipeline”的语境。选项A. excluded(被排除)、C. ignored(被忽视)、D. rejected(被拒绝)均与“GEO放大威胁”的逻辑相反,无法体现数据被污染的过程。
高考考点:动词词义辨析(侧重动词与介词into的搭配,结合上下文逻辑判断动作结果,考查学生对语境中动作逻辑的理解)。
9. 答案:A. corruption(腐败、污染)
解析:前文提到有害数据被纳入训练流程,会形成一个恶性循环,不断侵蚀模型的完整性,即模型被污染的循环。corruption此处指“数据和模型的污染、损坏”,符合语境。选项B. improvement(改进)、C. stability(稳定)与“侵蚀模型完整性”矛盾,D. innovation(创新)语义不通。
高考考点:名词词义辨析(侧重语境语义匹配,结合前文“有害数据污染模型”的核心逻辑,推断名词词义,是高考完形中名词辨析的核心考法)。
10. 答案:B. implications(影响、后果)
解析:后文列举了医疗领域误诊、金融领域操纵市场等具体情况,说明AI投毒的影响远不止虚假信息,implications此处指“广泛的影响、后果”,是高考科技类文本中的高频词。选项A. benefits(好处)、C. advantages(优势)与语境相反,D. trivialities(琐事)语义不符,无法概括后文的严重后果。
高考考点:名词词义辨析(侧重高考高频学术名词,考查学生对抽象名词的理解和语境适配能力,implications是高考完形、阅读中的重点词汇)。
11. 答案:C. potentially(潜在地、可能地)
解析:结合语境,被投毒的模型“可能会”误诊患者,此处强调一种潜在的风险,而非必然发生。potentially体现了风险的可能性,符合客观表述。选项A. accurately(准确地)与“投毒模型出错”的语境矛盾,B. deliberately(故意地)、D. intentionally(故意地)侧重主观意图,而模型误诊是攻击带来的潜在结果,并非主观故意。
高考考点:副词词义辨析(侧重语境中的语义轻重和逻辑,考查副词对句子语气的修饰,区别“必然”与“可能”的语义差异)。
12. 答案:C. significantly(显著地、大幅度地)
解析:后文提到“reduce the accuracy by 30%”(准确率下降30%),这是一个明显、大幅度的下降,significantly准确体现下降的程度。选项A. slightly(轻微地)、B. marginally(微弱地)、D. minimally(最小程度地)均与“30%”的大幅度下降矛盾,无法体现攻击的严重影响。
高考考点:副词词义辨析(侧重语义程度的判断,结合后文具体数据推断副词词义,是高考完形中副词辨析的常见考法)。
13. 答案:A. existential(生存性的、重大的)
解析:前文提到AI投毒影响医疗、金融等关键领域,准确率下降30%,对公共安全构成的是重大的、关乎生存的风险。existential risk是高考科技类文本中的固定表达,意为“生存性风险”,体现风险的严重性。选项B. minor(轻微的)、C. temporary(暂时的)、D. manageable(可控制的)均与前文的严重危害矛盾。
高考考点:形容词词义辨析(侧重高考高频学术形容词,考查学生对高级形容词的积累和语境适配,existential是高考中常考的抽象形容词)。
14. 答案:A. requires(需要)
解析:结合语境,“缓解这些风险”需要多主体协同的方法,requires体现“必要性”,符合逻辑。选项B. rejects(拒绝)、C. ignores(忽视)与“缓解风险”的目的相反,D. undermines(破坏)语义不通,无法与“a multi-stakeholder approach”搭配。
高考考点:动词词义辨析(侧重主语与宾语的搭配合理性,“缓解风险”与“需要方法”是合理搭配,考查学生对动宾搭配的把握)。
15. 答案:B. embrace(培养、秉持)
解析:结合上下文,用户需要培养批判性思维,理性看待AI输出,embrace此处意为“培养、秉持”,符合“提升数字素养”的语境。embrace critical thinking是高考书面语中的高频搭配,意为“培养批判性思维”。选项A. abandon(放弃)、C. neglect(忽视)、D. dismiss(摒弃)均与“防范风险”的逻辑相反,无法体现用户应有的行为。
高考考点:动词词义辨析+固定搭配(高考完形重点考法,既考查动词语义,也考查动词与名词的高频搭配,embrace critical thinking是高考写作、完形中的常见搭配)。
四、语法填空
答案:
1. in which
定语从句,相当于 where,但正式书面语用 in which。
考点:定语从句(高考第1重点)
2. causing
现在分词作结果状语。
考点:非谓语动词
3. exposed
过去分词表被动,= which was exposed。
考点:非谓语作定语
4. injecting
rely on doing sth.
考点:介词+动名词
5. forcing
结果状语。
考点:非谓语
6. ensuring
伴随/结果状语。
7. Not only
Not only…but also… 倒装结构。
考点:倒装句(高考难点)
8. highlighting
结果状语。
9. requires
动名词短语作主语,谓语单数。
10. Only
Only + 状语 + 部分倒装。
考点:倒装(高考必考语法)
