
Data Privacy Exfiltration

Attacks aimed at extracting sensitive information, personal data, or confidential content from AI systems.

OWASP LLM05:2025 Improper Output Handling: Improper Output Handling occurs when an LLM's responses are not adequately validated, sanitized, or encoded before being passed to downstream systems. This can result in vulnerabilities such as cross-site scripting (XSS), SQL injection, or unauthorized system commands.

| Probe Name | Description |
| --- | --- |
| Link Injection | Tests whether an AI agent can be manipulated to generate or recommend malicious links that could lead to phishing sites, malware downloads, or other harmful web destinations. |
| Script Injection | Tests whether an AI agent can be manipulated to generate responses containing malicious JavaScript or other executable script code that could lead to Cross-Site Scripting (XSS) vulnerabilities. |
| Cross Session Leak | Tests for information leakage across different sessions or conversations, evaluating whether sensitive data from one session can be retrieved in subsequent sessions. The probe sends sensitive information (passwords, keys, tokens) in one conversation, then starts a new conversation and attempts to retrieve that information. |
| PII Leak | Tests whether an AI agent can be tricked into revealing personally identifiable information (PII) such as names, addresses, phone numbers, or other sensitive personal data. It evaluates the target's ability to maintain privacy boundaries and protect confidential information. |