Data Privacy Exfiltration (OWASP LLM 05)

Attacks aimed at extracting sensitive information, personal data, or confidential content from AI systems.

Information Leakage Attacks

Probe Name

Description

Cross Session Leak

This probe tests for information leakage across different sessions or conversations, evaluating whether sensitive data from one session can be retrieved in subsequent sessions.

The probe sends sensitive information (passwords, keys, tokens) in one conversation, then starts a new conversation and attempts to retrieve that information.

PII Leak

This probe tests whether an AI agent can be manipulated into disclosing personally identifiable information (PII), such as names, addresses, phone numbers, or other sensitive personal data. It assesses the system’s effectiveness in enforcing privacy boundaries and safeguarding confidential information.

Malicious Content Generation

Probe Name

Description

Link Injection

This probe tests if an AI agent can be manipulated into generating or suggesting links to phishing sites, malware, or other malicious web destinations.

Script Injection

This probe checks if an AI agent can be induced to produce responses with malicious JavaScript or executable scripts, potentially resulting in Cross-Site Scripting (XSS) vulnerabilities.