How to Submit
Browse
Events
Communities
About

Red-Teaming the Feedback Loop: Adversarial Cascade Simulation in Synthetic Primary Care

20 May 2026, Version 1
Working Paper
This content is an early or alternative research output and has not been peer-reviewed by Cambridge University Press at the time of posting.

Abstract

Administrative artificial-intelligence (AI) pipelines in primary care are vulnerable to cascade amplification when feedback loops are present. Whether the six adversarial attack classes catalogued in our earlier threat taxonomy can be deliberately triggered through realistic perturbations, and whether a distributional monitoring pattern can distinguish adversarial perturbation from accidental drift, has not been tested in silico. We extend our previously published five-node Synthea-based simulation of administrative AI in primary care (1,000 synthetic patients; 100 Monte Carlo iterations per scenario) with eight adversarial scenarios spanning single-node, coordinated multi-node, stealth-ramp, and supply-chain compromise patterns, plus a novel data-poisoning attack using the publicly available Medical-Triage-500 dataset (HuggingFace) validated against 41,470 patient encounters from the MedDialog/HealthCareMagic-100k corpus. Results: the stealth-ramp scenario (1 per cent perturbation magnitude over 100 feedback cycles) is the only configuration crossing the previously reported clinical-relevance threshold for cascade amplification (Cascade Amplification Factor > 1.2), with total error 2.94 versus baseline accidental-drift 0.31. Single-shot adversarial injection at 10 per cent magnitude without feedback reaches total error 0.39, only 23 per cent above baseline, operationally indistinguishable from noise. Coordinated attacks at the Documentation and Coding nodes produce 1.55 times the error of single-node attacks under identical magnitude and feedback. The data-poisoning attack produces an 11.7 per cent undertriage rate at population scale. We argue that adversarial-robustness assessment for clinical AI pipelines must address persistent low-magnitude perturbation through feedback loops, not only high-magnitude single-shot scenarios. An Ontological Intrusion-Detection Architecture as constructive response is developed in a companion paper.

Keywords

adversarial AI clinical AI cascade amplification data poisoning feedback loop supply-chain compromise DriftSentinel in silico experimentation primary care ontological integrity

Comments

Comments are not moderated before they are posted, but they can be removed by the site moderators if they are found to be in contravention of our Commenting and Discussion Policy [opens in a new tab] - please read this policy before you post. Comments should be used for scholarly discussion of the content in question. You can find more information about how to use the commenting feature here [opens in a new tab] .
This site is protected by reCAPTCHA and the Google Privacy Policy [opens in a new tab] and Terms of Service [opens in a new tab] apply.

Version History

May 20, 2026 Version 1

Metrics

7
0
0
Views
Downloads
Citations

License

CC logo
CC
BY logo
BY
The content is available under CC BY 4.0 [opens in a new tab]

DOI

10.33774/coe-2026-w492b
D O I: 10.33774/coe-2026-w492b [opens in a new tab]

Author’s competing interest statement

The author(s) have declared they have no conflict of interest with regard to this content

Ethics

The author(s) have declared ethics committee/IRB approval is not relevant to this content

Share