Information Disclosure (cdcaee22-bca8-5573-a3ed-36f9a2a8a473)

  • How can you make sure the product doesn’t inadvertently disclose sensitive or private information during use (e.g., indirectly inferring location, behaviour or connection between digital and physical identity of users)?
  • Could movements or actions be revealed through data aggregation?

Threat-modeling question: Could the AI system infer and reveal information that a person has not explicitly shared?

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca) | MITRE ATLAS Attack Pattern | Information Disclosure (cdcaee22-bca8-5573-a3ed-36f9a2a8a473) | PLOT4ai | 1 |
| Information Disclosure (cdcaee22-bca8-5573-a3ed-36f9a2a8a473) | PLOT4ai | Credential and Secret Exposure in Agent Output - ATR-2026-00021 (01590c5a-255a-503b-a3cb-5016da41ae9c) | Agent Threat Rules | 1 |
| LLM Data Leakage (45d378aa-20ae-401d-bf61-7f00104eeaca) | MITRE ATLAS Attack Pattern | Credential and Secret Exposure in Agent Output - ATR-2026-00021 (01590c5a-255a-503b-a3cb-5016da41ae9c) | Agent Threat Rules | 2 |
| Unsecured Credentials (04d61746-9df1-468e-99d3-0a4685856deb) | MITRE ATLAS Attack Pattern | Credential and Secret Exposure in Agent Output - ATR-2026-00021 (01590c5a-255a-503b-a3cb-5016da41ae9c) | Agent Threat Rules | 2 |