LLM02:2023 - Data Leakage

Description:
Data leakage occurs when an LLM accidentally reveals sensitive information, proprietary algorithms, or other confidential details through its responses. This can result in unauthorized access to sensitive data or intellectual property, privacy violations, and other security breaches.

Common Data Leakage Vulnerabilities:

How to Prevent:

Example Attack Scenarios: Scenario #1: A user inadvertently asks the LLM a question that could reveal sensitive information. The LLM, lacking proper output filtering, responds with the confidential data, exposing it to the user.

Scenario #2: An attacker deliberately probes the LLM with carefully crafted prompts, attempting to extract sensitive information that the LLM has memorized from its training data.

By understanding and addressing the risks associated with data leakage, developers can better protect their LLM implementations and ensure the safety and security of their systems.