CCC.GenAI.C02: Model Output Filtering and Sanitisation
Control ID:CCC.GenAI.C02
Title:Model Output Filtering and Sanitisation
Objective:Inspect and validate GenAI model output before passing it to
users, applications or plugins in order to filter or sanitise
insecure or unreliable output and prevent sensitive data leakage.
Control Family:
Data
Related Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.GenAI.TH01 | Prompt Injection | Prompt injection may occur when crafted input is used to manipulate the GenAI model's behaviour, resulting in the generation of harmful or unintended outputs. Prompt injection can be either direct (performed via direct interaction with the model) or indirect (performed via external sources ingested by the model). Both text-based and multi-modal prompt injection is possible. | 4 | 1 | 0 |
| CCC.GenAI.TH03 | Sensitive Information Disclosure | Sensitive data can be memorised by the model from user interaction or training and may then be leaked to unintended and unauthorised parties by querying the model, for example through crafted prompts. | 4 | 1 | 0 |
| CCC.GenAI.TH04 | Insecure / Unreliable Model Output | A GenAI model may generate content that is incorrect, misleading or harmful, such as convincing misinformation (hallucinations) or vulnerable or malicious code, due to its reliance on statistical patterns rather than factual understanding. Directly using this flawed output without validation can lead to system compromises, poor decision-making, and legal or reputational damage. | 4 | 1 | 0 |
| CCC.GenAI.TH05 | Model Overreliance | Model overreliance and misplaced implicit trust in the output of a GenAI model may lead to the acceptance of inaccurate, biased or insecure outputs without proper validation or oversight, potentially resulting in operational failueres, compliance breaches and flawed decision making. | 4 | 1 | 0 |
| CCC.GenAI.TH06 | Unintended Action by a Model-Based Agent | A model-based agent, given the authority to execute tools or interact with APIs, may perform an action that is harmful, incorrect, or not aligned with the user's true intent in response to a prompt. This can be caused by the model misinterpreting an ambiguous prompt or being manipulated by an adversary into misusing its delegated authority. | 4 | 1 | 0 |
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |
| CCC.GenAI.F15 | Text-Based Prompts | Ability to input prompts in plain text. |
| CCC.GenAI.F16 | Structured Prompts | Ability to provide structured input such as JSON as prompts. |
| CCC.GenAI.F17 | Contextual Prompts | Ability to provide context or background information within the prompt to guide the response. |
| CCC.GenAI.F18 | Interactive Prompts | Ability to use conversational prompts to create interactive dialogues. |
| CCC.GenAI.F19 | Image-Based Prompts | Ability to input an image as a prompt to generate a response. |
| CCC.GenAI.F20 | Custom Template Prompts | Ability to define custom templates or structures for prompts to standardize interactions with the models. |
| CCC.GenAI.F21 | Generate Content | Ability to generate a response given a foundation model, parameter values, and a prompt. |
| CCC.GenAI.F24 | Content Moderation | Ensure the service detects and filters abusive, harmful, and sensitive information to ensure responsible and safe use of the service. |
Guideline Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
FINOS-AIGF | AIR-PREV-003 | 0 | User/App/Model Firewalling/Filtering |
FINOS-AIGF | AIR-PREV-017 | 0 | AI Firewall Implementation and Management |
FINOS-AIGF | AIR-PREV-002 | 0 | Data Filtering From External Knowledge Bases |
FINOS-AIGF | AIR-DET-001 | 0 | AI Data Leakage Prevention and Detection |
SAIF | Output Validation and Sanitization | 0 | - |
MITRE-ATLAS | AML.M0020 | 0 | Generative AI Guardrails |
MITRE-ATLAS | AML.M0002 | 0 | Passive AI Output Obfuscation |