Back to Catalog
Owasp Llm
top10_2025
LLM02 - Sensitive Information Disclosure
LLM inadvertently reveals confidential data from training data or retrieved context.
Intent & Description
'
🎯 Intent
Prevent LLMs from leaking sensitive information such as PII, financial records, or internal system details.
📋 Context
LLMs may memorize and reproduce sensitive data from training sets or RAG contexts. Users can craft queries to extract this information through targeted prompting.
💡 Solution
Implement output filtering for sensitive data patterns. Apply data sanitization in RAG pipelines. Use differential privacy techniques. Limit training data exposure. Apply PII detection and redaction.'
Real-world Use Case
Use when LLMs process or have access to sensitive data through training, fine-tuning, or retrieval augmented generation.
📌 TL;DR
Prevent LLM data leakage. Filter outputs, sanitize RAG data, detect PII, and limit training data exposure.
Advantages
- Protects user privacy
- Prevents regulatory violations
- Reduces data breach risk
- Maintains trust
Disadvantages
- May reduce model usefulness
- PII detection has false negatives
- Training data leaks are hard to prevent