Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

15 Dec 2017 | Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, Dawn Song
This paper introduces backdoor poisoning attacks on deep learning systems, in which an adversary injects a small number of poisoned samples into the training data to plant a backdoor that makes the trained model misclassify specific inputs as a target label. The backdoor is designed to be stealthy, with a key that is hard to notice even for humans, and the attack is carried out under a weak threat model in which the adversary has no knowledge of the model or of the rest of the training data. The work demonstrates that such attacks are feasible with only a few poisoned samples, and that the key can be physically realized, for example as a pair of glasses. The paper presents two types of backdoor poisoning attacks: input-instance-key attacks, which use a single input instance as the key, and pattern-key attacks, which use a pattern to generate multiple backdoor instances.

The experiments show that with as few as 5 poisoned samples the attack success rate can exceed 90%. The work highlights the importance of developing defenses against backdoor poisoning attacks, as they pose significant security risks to deep learning systems.
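The following is an added illustration, not code from the paper, of the kind of training-data audit a defender can run when a handful of pattern-key poisoned samples may have been slipped into a labelled dataset. It constructs a toy two-class dataset of 8x8 grayscale "images" (constructed values; the class intensities, the 2x2 pattern key, its location, the target label and the five-sample budget are all assumptions chosen to mirror the summary above), then applies a label-consistency check: each training sample is compared against every class centroid, and samples that sit closer to a different class than to their own label are flagged. Because a poisoned sample is a source-class image with a pattern stamped on it and the target label attached, it fails this check; a second step then looks for pixels on which the flagged samples jointly disagree with the class they resemble, which recovers the stamped pattern.

```python
"""Constructed toy: label-consistency audit of a training set seeded with a few
pattern-key poisoned samples. Illustration only; the attack, the data and the
centroid heuristic are assumptions, not the paper's method or code."""
import random
from statistics import mean

W = H = 8                            # constructed 8x8 grayscale "images"
TARGET_LABEL = 1                     # label the backdoor should force (assumption)
SOURCE_BASE, TARGET_BASE = 60, 180   # constructed mean intensities of the two classes


def make_clean(rng, base, n):
    """n constructed images: every pixel ~ N(base, 20), clipped to [0, 255]."""
    return [[min(255, max(0, int(rng.gauss(base, 20)))) for _ in range(W * H)]
            for _ in range(n)]


def stamp_pattern(img, pattern):
    """Overlay a fixed pattern (list of (pixel_index, value)) onto a copy of img."""
    out = list(img)
    for idx, val in pattern:
        out[idx] = val
    return out


def build_dataset(seed=7, n_poison=5):
    """50 clean images per class plus n_poison images that look like class 0,
    carry the pattern key and are labelled with the target label."""
    rng = random.Random(seed)
    pattern = [(0, 255), (1, 255), (8, 255), (9, 255)]   # 2x2 bright square, top-left (assumed key)
    data = [(img, 0) for img in make_clean(rng, SOURCE_BASE, 50)]
    data += [(img, TARGET_LABEL) for img in make_clean(rng, TARGET_BASE, 50)]
    data += [(stamp_pattern(img, pattern), TARGET_LABEL)
             for img in make_clean(rng, SOURCE_BASE, n_poison)]
    rng.shuffle(data)
    return data, pattern


def centroid(imgs):
    """Per-pixel mean over a list of images."""
    return [mean(col) for col in zip(*imgs)]


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def flag_label_inconsistent(data):
    """Indices of samples that lie closer to another label's centroid than to
    the centroid of the label they carry."""
    labels = sorted({y for _, y in data})
    cents = {y: centroid([img for img, yy in data if yy == y]) for y in labels}
    flagged = []
    for i, (img, y) in enumerate(data):
        nearest = min(labels, key=lambda lab: sq_dist(img, cents[lab]))
        if nearest != y:
            flagged.append(i)
    return flagged


def recover_trigger(data, flagged, threshold=100):
    """Pixels on which the flagged samples jointly deviate from the centroid of
    the class they resemble; for a stamped pattern key these are the key pixels."""
    if not flagged:
        return []
    flagged_set = set(flagged)
    clean = [(img, y) for i, (img, y) in enumerate(data) if i not in flagged_set]
    labels = sorted({y for _, y in clean})
    cents = {y: centroid([img for img, yy in clean if yy == y]) for y in labels}
    first = data[flagged[0]][0]
    look_like = min(labels, key=lambda lab: sq_dist(first, cents[lab]))
    flagged_mean = centroid([data[i][0] for i in flagged])
    return [p for p, (m, c) in enumerate(zip(flagged_mean, cents[look_like]))
            if abs(m - c) > threshold]


if __name__ == "__main__":
    data, pattern = build_dataset()
    flagged = flag_label_inconsistent(data)
    print("flagged sample indices:  ", flagged)
    print("labels of flagged samples:", [data[i][1] for i in flagged])
    print("recovered trigger pixels: ", recover_trigger(data, flagged))
    print("true pattern pixels:      ", [idx for idx, _ in pattern])
```

On the constructed data all five poisoned samples are the only ones flagged, and the recovered pixel set is exactly the stamped 2x2 square. The heuristic works here because the poisoned images keep the appearance of the source class; it degrades when the key is blended in at low intensity onto images already close to the target class, which is the stealthy setting the paper is concerned with, so in practice it is one sanity check on incoming training data rather than a complete defense.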