JMIR Publications

ABSTRACT

The integration of large language models and agentic artificial intelligence (AI) into pharmacovigilance (PV) workflows introduces adversarial vulnerabilities that are not well addressed by conventional IT security or standard GxP validation frameworks. Unlike infrastructure breaches, attacks on model analytical judgment can alter seriousness assessments, suppress safety signals, or distort aggregate reports while case records remain intact and operational metrics appear normal. This paper uses structured threat modelling and war-gaming to map nine adversarial attack classes onto PV intake, signal detection, and regulatory submission workflows: prompt injection, data poisoning, adversarial text and multimodal manipulation, supply-chain compromise, model extraction, context-window manipulation, model inversion and membership inference, jailbreaking, and denial of service. Scenarios are grounded in adversarial machine learning research and assessed for structural plausibility rather than presented as confirmed PV incidents. The paper argues that PV faces distinctive systemic amplifiers: mandatory Individual Case Safety Reports submission and cross-MAH data exchange may propagate manipulated content across organizations; GxP validation of version-locked systems can delay remediation; and agentic architectures can convert local model failures into executed actions across safety databases, follow-up communication, and submission workflows. A three-tier defense architecture is proposed, spanning procedural controls, adversarial testing integrated into validation, deterministic enforcement approaches for agentic workflows, and frontier measures such as AI red teaming and federated anomaly detection.