Risk
System Prompt Leakage
Description
System prompt or meta-prompt is revealed to end users, leaking internal logic, instructions, or sensitive context.
Example
LLM outputs its own system prompt when asked a cleverly crafted query.
Assets Affected
Meta Prompt
Model Response
Mitigation
- Restrict prompt access
- Audit logs
- Apply output filters
- Monitor for prompt leakage attempts
Standards Mapping
- ISO 42001: A.8.2, A.6.2.6
- OWASP Top 10 for LLM: LLM07
- NIST AI RMF: MEASURE 2.8, MANAGE 1.4
- DASF v2: MODEL SERVING 9.11