Abstract:We define Oracle Poisoning, an attack class in which an adversary corrupts a structured knowledge graph that AI agents query at runtime via tool-use protocols, causing incorrect conclusions through correct reasoning. Unlike prompt injection, Oracle Poisoning manipulates the data agents reason over, not their instructions. We demonstrate six attack scenarios against a production 42-million-node code knowledge graph, providing the first empirical demonstration of knowledge graph poisoning against a production-scale agentic system, distinct from CTI embedding poisoning. Primary evaluation uses real SDK tool-use across nine models from three providers (N=30 per model), where models autonomously invoke a graph query tool and reason from the results. The result is unambiguous: every tested model trusts poisoned data at 100% at moderate attacker sophistication (L2), with 269 valid trials (of 270) accepting fabricated security claims under directed queries. Under open-ended prompts, trust drops to 3-55%, confirming prompt framing as a confound; we report both conditions. An attacker sophistication gradient reveals discrete break points, a minimum skill level at which trust flips from 0% to 100%, reframing the attack as a question not of whether but of how much. A controlled delivery-mode comparison shows that inline evaluation produces false negatives: GPT-5.1 shows 0% trust inline but 100% under both simulated and real agentic tool-use, demonstrating that delivery mode is a first-order confound. We evaluate five defences; read-only access control eliminates the direct mutation vector, while the remaining four are partial and model-dependent. Analysis of four additional platforms suggests the attack may generalise across the knowledge-graph ecosystem.
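As an added illustration, not code from the paper or its evaluation harness, the following Python sketch models the attack class on a toy code knowledge graph: the agent's reasoning (a reachability query from an entry point to a dangerous sink) is sound and unchanged throughout, yet its verdict flips from "vulnerable" to "safe" once an attacker with write access mutates two facts in the graph. The node names, the graph schema, the query tool and the `read_only` flag are all assumptions made for the example; the only thing taken from the abstract is the shape of the attack and the read-only access-control defence.

```python
"""Toy model of Oracle Poisoning: correct reasoning over poisoned data.
Hypothetical schema and names; not the paper's 42M-node graph or tooling."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class CodeKnowledgeGraph:
    """In-memory stand-in for a code knowledge graph: function nodes with
    attributes, plus directed call edges (assumed schema)."""
    nodes: dict = field(default_factory=dict)   # name -> attribute dict
    calls: dict = field(default_factory=dict)   # caller -> set of callees
    read_only: bool = False                     # the access-control defence

    def _writable(self):
        # Every mutation path goes through this check; the agent's tool
        # principal is given a read-only handle.
        if self.read_only:
            raise PermissionError("mutation denied: graph is read-only for this principal")

    def add_function(self, name, **attrs):
        self._writable()
        self.nodes[name] = dict(attrs)
        self.calls.setdefault(name, set())

    def add_call(self, caller, callee):
        self._writable()
        self.calls.setdefault(caller, set()).add(callee)

    def set_attr(self, name, key, value):
        self._writable()
        self.nodes[name][key] = value

    def remove_call(self, caller, callee):
        self._writable()
        self.calls.get(caller, set()).discard(callee)

    # --- the query tool the agent invokes at runtime (the "oracle") ------
    def reachable_sinks(self, entry):
        """BFS over call edges; return the sorted names of reachable nodes
        that the graph labels as dangerous sinks."""
        seen, queue, sinks = {entry}, deque([entry]), []
        while queue:
            cur = queue.popleft()
            if self.nodes.get(cur, {}).get("sink"):
                sinks.append(cur)
            for nxt in self.calls.get(cur, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return sorted(sinks)


def build_graph(read_only=False):
    """Constructed sample: an HTTP handler that indirectly reaches a shell sink."""
    g = CodeKnowledgeGraph()
    g.add_function("handle_request", entry=True)
    g.add_function("parse_query")
    g.add_function("run_shell", sink=True)
    g.add_function("log_line")
    g.add_call("handle_request", "parse_query")
    g.add_call("parse_query", "run_shell")
    g.add_call("handle_request", "log_line")
    g.read_only = read_only   # lock the graph after ingestion
    return g


def agent_verdict(graph, entry):
    """The agent's reasoning: if the oracle says an untrusted entry reaches a
    sink, report it, otherwise call the path safe. The logic is correct;
    whether the verdict is true depends entirely on the data it was given."""
    sinks = graph.reachable_sinks(entry)
    return "vulnerable via " + ", ".join(sinks) if sinks else "safe"


def poison(graph):
    """Direct-mutation vector: an attacker with write access deletes the
    exposing edge and relabels the sink as benign. Either step alone is
    enough to flip the verdict."""
    graph.remove_call("parse_query", "run_shell")
    graph.set_attr("run_shell", "sink", False)


def demo():
    """Return the verdicts for the clean, poisoned and read-only cases."""
    results = {}
    g = build_graph()
    results["clean"] = agent_verdict(g, "handle_request")
    poison(g)
    results["poisoned"] = agent_verdict(g, "handle_request")

    g_ro = build_graph(read_only=True)
    try:
        poison(g_ro)
        results["read_only"] = "mutation succeeded (defence failed)"
    except PermissionError:
        results["read_only"] = agent_verdict(g_ro, "handle_request")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} -> {verdict}")
```

The point of the sketch is the middle case: nothing in `agent_verdict` changed, so no amount of prompt hardening or instruction filtering would catch it; the fabricated "safe" comes from the data, not the instructions. The read-only handle blocks only what the abstract calls the direct mutation vector: an attacker who poisons the graph upstream, at ingestion time or through a principal that legitimately holds write access, never trips `_writable()`, which is why the paper's other defences are needed and why they remain partial.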
Abstract:The cross-domain capability of wireless sensing is currently one of the major challenges in human activity recognition (HAR) based on the channel state information (CSI) of wireless signals. The difficulty of labeling samples from new domains has encouraged the use of few- and zero-shot strategies. In this context, prototype networks have attracted attention due to their reasonable cross-domain transferability. This paper presents a novel zero-shot prototype recurrent convolutional network that implements a zero-shot learning strategy for HAR via CSI. This method extracts the prototypes from an available source domain to classify unseen and unlabeled data from the target domain for the same or similar classes. The experiments have been developed using three datasets with real measurements, and the results include an inter-dataset evaluation. Overall, the results improve on the state of the art and make the method a promising solution for cross-domain HAR.
Abstract:The phase of the channel state information (CSI) is underutilized as a source of information in wireless sensing due to its sensitivity to synchronization errors at signal reception. A linear transformation of the phase is commonly applied to correct linear offsets and, in a few cases, some filtering in time or frequency is carried out to smooth the data. This paper presents a novel processing method for the CSI phase to improve the accuracy of human activity recognition (HAR) in indoor environments. This new method, coined Time Smoothing and Frequency Rebuild (TSFR), consists of performing a CSI phase sanitization step to remove phase impairments based on a linear regression and rotation method, then a time-domain filtering stage with a Savitzky-Golay (SG) filter for denoising purposes and, finally, rebuilding the phase to eliminate the distortions in frequency caused by SG filtering. The TSFR method has been tested on five datasets obtained from experimental measurements, using three different deep learning algorithms, and compared against five other types of CSI phase processing. The results show an accuracy improvement using TSFR in all cases. Concretely, accuracy higher than 90% has been achieved with the proposed solution in most of the studied scenarios. In few-shot learning strategies, TSFR outperforms the state of the art, raising accuracy from 35% to 85%.