
Sensitive Information Disclosure

Premium room

Explore how AI embeddings, retrieval, and weak access controls expose sensitive private data.

medium

60 min


Large Language Models generate responses based on patterns learned during training and on data retrieved at runtime. Unlike traditional databases, they do not enforce strict row-level access rules by default. This creates a new class of confidentiality risk: sensitive information disclosure. In systems, disclosure does not usually happen because a model "decides" to reveal a secret. It happens because sensitive data was allowed to enter the system's .

In this room, you will explore how data leaks through the retrieval and logging layers of systems. You will start by examining how sensitive information disclosure is categorised under LLM02 and why it differs from poisoning and prompt injection. From there, you will investigate common disclosure scenarios, -level risks, retrieval pipeline failures, and access control strategies. You will then apply defensive safeguards before testing everything hands-on in a practical lab exercise against a simulated system.

These exposures are categorised under LLM02 – Sensitive Information Disclosure. They focus on protecting private data, proprietary logic, and confidential documents from being exposed through outputs.
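
An added example, not part of the room's material: a toy retrieval step showing that the model never "decides" anything, since whatever the retriever returns is placed into the prompt. Keyword overlap stands in for embedding similarity, and the documents, group names and function names are all constructed for illustration.

```python
# Added example: retrieval with and without a per-document access check.
# Corpus, groups and helper names are hypothetical.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str
    allowed_groups: frozenset  # groups permitted to read this document

# Constructed sample corpus
CORPUS = [
    Doc("kb-1", "Password resets are handled through the self-service portal.",
        frozenset({"staff", "hr"})),
    Doc("hr-7", "Salary review: J. Doe salary raised to 91000 after review.",
        frozenset({"hr"})),
    Doc("kb-2", "VPN access requires a hardware token.", frozenset({"staff", "hr"})),
]

def _tokens(s):
    return set(re.findall(r"[a-z0-9]+", s.lower()))

def score(query, doc):
    """Keyword overlap, standing in for embedding similarity."""
    return len(_tokens(query) & _tokens(doc.text))

def retrieve_unfiltered(query, k=2):
    """Weak form: ranks every document, ignoring who is asking."""
    ranked = sorted(CORPUS, key=lambda d: score(query, d), reverse=True)
    return [d for d in ranked[:k] if score(query, d) > 0]

def retrieve_with_acl(query, user_groups, k=2):
    """Hardened form: drop unreadable documents before ranking."""
    readable = [d for d in CORPUS if d.allowed_groups & user_groups]
    ranked = sorted(readable, key=lambda d: score(query, d), reverse=True)
    return [d for d in ranked[:k] if score(query, d) > 0]

def build_prompt(query, docs):
    """Everything returned by the retriever becomes model input."""
    context = "\n".join(f"[{d.doc_id}] {d.text}" for d in docs)
    return f"Context:\n{context}\n\nQuestion: {query}"

if __name__ == "__main__":
    q = "What is the salary of J. Doe?"
    staff = frozenset({"staff"})
    print(build_prompt(q, retrieve_unfiltered(q)))       # hr-7 text is in the prompt
    print(build_prompt(q, retrieve_with_acl(q, staff)))  # hr-7 never enters it
```

The filter runs before ranking, so a restricted document cannot reach the prompt for a caller outside its groups, regardless of how the question is phrased.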

Learning Objectives

By completing this task, you will be able to:

  • Define sensitive information disclosure (LLM02)
  • Distinguish between and retrieval-based leakage
  • Identify architectural points where data can leak
  • Understand why confidentiality is a system design issue
  • Prepare to analyse real disclosure scenarios in the next task

Prerequisites

This room is part of a broader Security path. It is recommended that you complete this room in the intended order to establish core fundamentals. At a minimum, you should be familiar with the concepts covered in the Security Fundamentals and in Systems rooms. You should also be familiar with:

  • How LLMs generate responses
  • High-level knowledge of vector databases (recommended)

No machine learning or mathematical background is required.

Answer the questions below

I understand the learning objectives and am ready to learn about sensitive information disclosure!