PII leakage, credential extraction, PHI inference, exfiltration via code
Sensitive Data Disclosure is ranked LLM02 in the OWASP LLM Top 10 (2025) — the industry-standard taxonomy for large language model security risks. It represents one of the most commonly exploited vulnerability classes in production AI deployments.
It covers PII leakage from context windows, credential extraction, PHI inference, and output-channel exfiltration via generated code.
Researchers demonstrated that injecting instructions into ChatGPT's long-term memory feature caused the model to quietly exfiltrate user data in subsequent conversations, including chats that occurred days after the initial injection. The attack persisted until memory was manually cleared.