Risk
Data Exfiltration via Monitoring/Telemetry
Description
Attackers abuse telemetry or monitoring endpoints to exfiltrate sensitive data.
Example
Malicious actor exploits insecure telemetry endpoint to siphon model outputs or logs.
Assets Affected
AI platform
Mitigation
- Secure monitoring interfaces
- Restrict telemetry content
- Audit and monitor access
- Alert on unusual data transfers
Standards Mapping
- ISO 42001: A.6.2.8, A.8.2
- OWASP Top 10 for LLMS 2025: LLM02
- NIST AI RMF: MEASURE 2.10, MEASURE 2.7