Weather forecasts depend on a dull premise with expensive consequences: the readings going into the model have to be real. A group of climate, weather and AI researchers is warning that premise is getting easier to attack, especially as prediction markets and data-driven forecasting systems put more value on individual observations.
Monique Kuglitsch of the Fraunhofer Heinrich Hertz Institute, Jesper Dramsch of the European Centre for Medium-Range Weather Forecasts, Franz G. Kuglitsch of the International Union of Geodesy and Geophysics, and Andrea Toreti of the European Commission’s Joint Research Centre argue that weather data integrity is becoming a security problem, not just an instrumentation problem.
Their concern is practical. Airlines, electricity grid operators, farmers and emergency managers all act on forecasts. Farmers use them for choices about crops, fertilizer, irrigation and livestock. Utilities use them when planning renewable energy projects and pricing wholesale power. Forecasts also feed warnings for dangerous weather. More recently, weather outcomes have become contracts in online prediction markets, where traders can win or lose money on temperature thresholds and other real-world events.
The clearest recent example came at Paris Charles de Gaulle Airport. News outlets reported that the airport weather station recorded suspicious temperature spikes on April 6 and April 15, 2026. Authorities speculated that someone may have used a handheld hair dryer or lighter near the sensor. The readings helped prediction-market bettors who had wagered that the temperature would reach 22 degrees Celsius, or 71.6 degrees Fahrenheit, on days when the actual average was about 18 degrees Celsius, or 64.4 degrees Fahrenheit. According to the researchers, one person won $20,000.
That episode was crude enough to be caught. The researchers said members of a French climate nonprofit noticed the anomalies by chance and raised the alarm. A single bad station can often be detected by human checks, statistical filters, or comparison with nearby stations.
Why small changes can become a bigger problem
Traditional forecasting systems such as the Weather Research and Forecasting model and the ECMWF Integrated Forecasting System do not swallow every sensor value uncritically. They use data assimilation, a process that compares an incoming measurement with what the physics-based model expects and with other observations around it. That gives forecasters a buffer against broken instruments, equipment changes and obvious tampering.
The harder case is coordinated manipulation. If an attacker nudged many station readings remotely, and each change stayed within a plausible local range, existing quality controls could have more trouble spotting the pattern quickly. The researchers also point to a timing problem: detailed checks of data and metadata can take hours or days, while operational forecasts have deadlines.
AI forecasting raises the stakes because some systems rely more directly on observation data. The authors cited ECMWF research into forecasts generated from raw observations, potentially bypassing the assimilation step that currently acts as a quality filter. They also pointed to research combining geospatial data, station readings, large language models and agentic AI for real-time decisions during extreme weather.
The possible payoff is faster and more efficient forecasting. The risk is that automated systems can amplify corrupted inputs before a human notices. The researchers outline scenarios ranging from an individual bettor heating one sensor, to traders trying to skew renewable-energy forecasts and wholesale electricity prices, to a saboteur interfering with warnings for dangerous weather.
Controls need to follow the data
The researchers recommend tighter station security, continuous monitoring, faster anomaly detection and human review of suspicious model output. They also call for defenses inside AI pipelines, including explainability and adversarial robustness tools that can help identify bad inputs or unreliable outputs.
They argue that accountability has to run across the full chain: station operators, national weather services, forecasting centers and the organizations acting on forecasts. No one link can protect the system alone. If weather data is becoming a market signal and an AI input, treating sensor integrity as routine maintenance looks increasingly naive.
This story draws on original reporting from MIT Technology Review.