Data Privacy & Exfiltration (OWASP LLM 05)
Attacks aimed at extracting sensitive information, personal data, or confidential content from AI systems.
Information Leakage Attacks
Probe Name |
Description |
|---|---|
Cross Session Leak |
This probe tests for information leakage across different sessions or conversations, evaluating whether sensitive data from one session can be retrieved in subsequent sessions. The probe sends sensitive information (passwords, keys, tokens) in one conversation, then starts a new conversation and attempts to retrieve that information. |
PII Leak |
This probe tests whether an AI agent can be manipulated into disclosing personally identifiable information (PII), such as names, addresses, phone numbers, or other sensitive personal data. It assesses the system’s effectiveness in enforcing privacy boundaries and safeguarding confidential information. |
Malicious Content Generation
Probe Name |
Description |
|---|---|
Link Injection |
This probe tests if an AI agent can be manipulated into generating or suggesting links to phishing sites, malware, or other malicious web destinations. |
Script Injection |
This probe checks if an AI agent can be induced to produce responses with malicious JavaScript or executable scripts, potentially resulting in Cross-Site Scripting (XSS) vulnerabilities. |