惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
C
Cisco Blogs
The Hacker News
The Hacker News
T
Threatpost
S
Schneier on Security
K
Kaspersky official blog
Spread Privacy
Spread Privacy
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
Security Latest
Security Latest
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
博客园 - 叶小钗
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News and Events Feed by Topic
爱范儿
爱范儿
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
C
Cyber Attacks, Cyber Crime and Cyber Security
N
News and Events Feed by Topic
V
V2EX
Webroot Blog
Webroot Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
L
LangChain Blog
W
WeLiveSecurity
Cloudbric
Cloudbric

A10 Networks

Secure, High-Performance Networking Solutions | A10 Battling Bots, Fraud & AI Threats Summit | Retail IT & Cybersecurity What Is Healthcare Data Compliance? | A10 Networks Interop Best of Show Runner's Up - People's Choice | A10 Networks Interop Best of Show Runner's Up - Security for AI | A10 Networks What Is FIX Protocol Trading? | A10 Networks A10 Joins OpenAI's Trusted Access for Cyber Flexible Licensing for Multiple Clouds | A10 Networks A10 Acquires TrojAI to Advance Enterprise AI Security HFT Infrastructure: High Frequency Trading Explained | A10 Networks A10 Networks Acquires TrojAI Inc., Expanding AI Roadmap | A10 Networks What Is Low-latency Trading? | A10 Networks Multi-Vector DDoS: 11 Amplification Vectors | A10 Healthcare Cloud Compliance: HIPAA & GDPR Guide | A10 LLM Unbounded Consumption & DoS Attacks | OWASP LLM10 LLM Hallucination & Misinformation | OWASP LLM09:2025 Healthcare Network Protection for Hospitals & Clinics RAG Security: Vector & Embedding Weaknesses | OWASP LLM08 System Prompt Leakage | OWASP LLM07:2025 Explained LLM Excessive Agency | OWASP LLM06:2025 Explained LLM Supply Chain Security | OWASP LLM03:2025 Trust, Control and Security in the Age of Agentic AI Summit | A10 Networks LLM Improper Output Handling | OWASP LLM05:2025 Data Poisoning Attacks in LLMs | OWASP LLM04:2025 Game Over for DDoS Attacks in Gaming | How to Achieve Resilience Prompt Injection | OWASP LLM01:2025 Explained Beyond PCI Summit: Battling Bots, Fraud, and AI-powered Threats Web Application Security Best Practices for 2026 | A10 Networks A10’s 5 Key Takeaways on Application & API Security Trends Securing Financial Applications in the AI Era Summit Unified Application Delivery, Security, and AI Protection for Financial Services The Most Famous DDoS Attacks in History Post-quantum Cryptography Comes to A10 SSL/TLS Data Plane Real-time DDoS Carpet-bombing: NTP Amplification Evasion Shadow AI | Glossary AI & LLM Security: Hype vs. Reality and What to Prioritize App Delivery in the Age of AI Summit | Hybrid & Cloud-Native Strategies A Day in the Life of a Stressed Web Application | ADC & WAF Resilience Avans University of Applied Sciences Modernizes Hybrid Application Delivery with A10 Networks Preparing Government Infrastructure for AI Adoption | Expert Summit Report: IDC Spotlight Report: Modernizing Application Delivery Infrastructure for AI-powered Applications Broken Object Level Authorization (BOLA): The #1 API Security Risk | Free Webinar | A10 Networks Product Demo: A10 AI Firewall by A10 Networks AI Firewall for Enterprise AI Security | A10 Networks API Traffic Management for AI and Agentic Systems | Expert Summit AI is Here: How Ready Is Your Infrastructure? | A10 Networks Pulse Campaign Analysis: Brazil ISPs Expose Next-Gen DDoS Automation Trends Tech Companies Lead GenAI Adoption but Face Infrastructure Gaps Cyber Defense Magazine's 2026 Global InfoSec award – Editor's Choice – API Security | A10 Networks Load Balancing Solutions for Availability & Security | A10 Networks Top 9 Generative AI Security Risks in 2026 LLM Security: Protecting AI Models & Applications
Sensitive Information Disclosure | OWASP LLM02:2025
Richard Tuma · 2026-05-21 · via A10 Networks

Sensitive information disclosure remains one of the most serious risks in LLM-enabled systems.

Large language models (LLMs) process, generate, and sometimes retain data that may include personal, financial, medical, legal, or proprietary information. When improperly configured or insufficiently controlled, LLMs and their surrounding applications can expose this data through model outputs, training processes, or integrations. This risk affects both the model and the application context in which it operates.

Key Takeaways

  • Sensitive information disclosure occurs when LLMs expose PII, business data, proprietary algorithms, or security credentials through their outputs, either unintentionally or via exploitation.
  • Disclosed training data can enable model inversion attacks, where adversaries reconstruct sensitive inputs or extract proprietary information from the model itself.
  • System prompt restrictions can reduce disclosure risk but are not reliable on their own because they can be bypassed through prompt injection, making layered defenses essential.
  • Privacy-preserving techniques such as federated learning, differential privacy, and homomorphic encryption reduce exposure by limiting centralized data access and making individual data points harder to reverse-engineer.
  • Prevention relies on combining data sanitization before training, strict access controls, robust input/output validation, and clear user policies on data retention and opt-out rights.

What is Sensitive Information in LLM Systems?

Sensitive information includes, but is not limited to:

  • Personally identifiable information (PII)
  • Financial records
  • Health information
  • Confidential business data
  • Security credentials and access tokens
  • Legal documents
  • Proprietary algorithms and source code

In addition, proprietary training methodologies, model architectures, and fine-tuning datasets may themselves be considered sensitive, especially in closed or foundation model deployments.

When LLMs are embedded into enterprise workflows, customer-facing tools, or internal systems, improper data handling can result in privacy violations, intellectual property leakage, and unauthorized access.

How Disclosure Happens

Sensitive information disclosure can occur through multiple paths. The model reproduces data from training sets. User-provided data is inadvertently included in responses to other users. System prompts or internal configuration details are exposed. External integrations return more data than intended. Prompt injection bypasses filtering controls.

Consumers may also unintentionally provide confidential information during interactions. Without proper safeguards, that data can be retained, reused, or surfaced later in outputs. Mitigation requires both technical controls and clear transparency policies.

Common Vulnerability Examples

  • PII leakage: An LLM discloses personal data belonging to another user due to inadequate isolation or sanitization.
  • Proprietary algorithm exposure: Improper configuration allows internal logic, training data, or proprietary algorithms to be revealed. In extreme cases, exposure of training data enables model extraction or inversion attacks. For example, documented research such as the “Proof Pudding” attack (CVE-2019-20634) demonstrated how leaked training data facilitated model extraction and bypassed security controls.
  • Sensitive business data disclosure: Generated responses unintentionally include confidential enterprise information, such as internal financial projections or trade secrets.

Prevention and Mitigation Strategies

Reducing disclosure risk requires layered controls across data handling, model configuration, and user transparency.

Data Sanitization

Integrate data sanitization techniques to scrub or mask sensitive data before it is included in model training or processing pipelines. Also ensure robust input validation to detect and filter harmful or sensitive inputs before they reach the model.

Access Controls

Enforce least privilege by limiting access to sensitive data to only what is necessary for a given user or process. Restrict data sources to carefully manage and secure runtime data orchestration and prevent unintended exposure through external integrations.

Federated Learning and Privacy Techniques

Use federated learning to train models using decentralized datasets across multiple systems to reduce centralized data risk and differential privacy to introduce statistical noise into data or outputs to prevent reconstruction of individual records.

User Education and Transparency

As always, educate users on safe interactions and provide guidance on avoiding the input of sensitive data into LLM systems. In addition, ensure transparency in data use by publishing clear data retention, usage, and deletion policies and offer opt-out mechanisms for training data inclusion.

Secure System Configuration

Conceal system preambles and internal prompts to limit user access to system-level instructions and internal configurations. Follow secure configuration best practices by applying established guidance such as OWASP API security recommendations to prevent leakage through misconfiguration or verbose error messages.

Advanced Privacy Techniques

Use advanced privacy techniques such as homomorphic encryption to enable privacy-preserving data processing where data remains encrypted during computation, and tokenization and redaction to detect and redact sensitive content using pattern matching and pre-processing before model interaction.

Example Attack Scenarios

There are multiple examples of attack scenarios that should be considered to protecting sensitive data.

  • Unintentional data exposure: A user receives a response containing another user’s personal data due to inadequate sanitization controls.
  • Targeted prompt injection: An attacker bypasses input filters and extracts confidential information through crafted prompts.
  • Training data leakage: Sensitive enterprise data is inadvertently included in model training and later surfaced in responses.

Why It Matters

LLMs amplify both productivity and risk. When embedded into applications, they can access, process, and generate sensitive data at scale. Without strict controls, this creates opportunities for unauthorized disclosure, privacy violations, intellectual property loss, regulatory exposure and ultimately, erosion of user trust. Sensitive information disclosure is not solely a model issue. It is a system design issue.

Secure LLM deployments require clear data governance policies, strict access control enforcement, privacy enhancing technologies, continuous monitoring and adversarial testing and transparent communication with users.

Organizations must treat LLM systems as high-sensitivity data processors and architect them accordingly and security and privacy must be embedded from design through deployment.

< Back to Glossary of Terms