Risk
Sensitive Data Exfiltration via Agent Output or Tool Calls
Description
Sensitive data flows out through agent responses, tool arguments, or external API calls due to missing output filtering or scope enforcement.
Example
An agent fetches customer records during a task and includes them verbatim in an outbound email tool call, or in a summary rendered to an unauthorized user.
Assets Affected
Model Response
Tool
AI App
Agent Memory / Cache
Mitigation
- Output filtering and DLP at harness boundary
- classify and redact sensitive data
- scope tool arguments
- audit data flowing to external destinations.
Standards Mapping
- ISO: A.8.2, A.7.4
- OWASP agentic: ASI06
- OWASP LLM: LLM02:2025
- EU AI Act: Art. 10, Art. 15(5)
- DASF: Model Serving 10.6, Agents-MCP 13.23
- AIUC-1: A006, B009