Sensitive data can be memorised by the model from user interaction or training and may then be leaked to unintended and unauthorised parties by querying the model, for example through crafted prompts.
AI/ML / Gen AI / Threats / DEV
Sensitive Information Disclosure
CCC.GenAI.TH03
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. |
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.GenAI.CP22 | Data Control | Ensures prompts, model outputs, embeddings, and training data fed by customers are not used to train foundation models. |
| CCC.GenAI.CP22 | Data Control | Ensures prompts, model outputs, embeddings, and training data fed by customers are not used to train foundation models. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.GenAI.CN01 | Model Input Filtering and Sanitisation | Inspect and validate input before it is passed to a GenAI model in order to filter or sanitise adversarial queries and prevent sensitive data leakage. |
| CCC.GenAI.CN02 | Model Output Filtering and Sanitisation | Inspect and validate GenAI model output before passing it to users, applications or plugins in order to filter or sanitise insecure or unreliable output and prevent sensitive data leakage. |
| CCC.GenAI.CN03 | Data Provenance and Source Vetting | Ensure that all data for training, fine-tuning or RAG comes from trusted, approved sources and is authorised for the intended purposes in order to prevent the initial introduction of malicious content or leaked sensitive data. |
| CCC.GenAI.CN04 | Sanitisation of Ingested Data | Validate and sanitise all data ingested by GenAI systems from extenal sources or internal knowledge bases, whether for training, conversion to vector embeddings, or real-time retireval, in order to remove or redact poisoned or sensitive data before further processing. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| FINOS-AIGF | AIR-RC-001 | Information Leaked To Hosted Model |
| FINOS-AIGF | AIR-SEC-002 | Information Leaked to Vector Store |
| FINOS-AIGF | AIR-RC-023 | Intellectual Property (IP) and Copyright |
| SAIF | SDD | Sensitive Data Disclosure |
| OWASP-LLM-TOP10 | LLM02:2025 | Sensitive Information Disclosure |
| MITRE-ATLAS | AML.T0057 | LLM Data Leakage |