Risk
Sensitive Data Leakage
Description
Model responses or logs inadvertently expose confidential information or PII due to lack of filtering or improper output handling.
Example
Model returns unredacted user PII in a completion or log.
Assets Affected
- Model Response
- App Usage Log
- Meta Prompt
- User Prompt
Mitigation
- Output filtering
- DLP
- Audit logs
- Regular reviews of model output
Standards Mapping
- ISO 42001: A.8.2, A.7.4
- OWASP Top 10 for LLM: LLM02
- NIST AI RMF: MEASURE 2.10, MANAGE 1.4
- DASF v2: MODEL SERVING 10.6, RAW DATA 1.6