🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

LLM Information Disclosure

Sensitive information poses risks to both the LLM itself and its application context. This includes personally identifiable information (PII), financial data, health records, confidential business information, security credentials, and legal documents. Additionally, proprietary models often have unique training methodologies and source code that are highly sensitive, particularly in closed or foundation models, making them targets for theft or misuse.

Remediation

  • Limit the amount of sensitive information used during model training and inference to the bare minimum necessary for functionality.
  • Mask or redact sensitive details before using them in prompts or as part of model inputs.
  • Apply differential privacy to anonymise training data and prevent leakage of sensitive information through model outputs.

Metadata

  • Severity: high
  • Slug: llm-information-disclosure

CWEs

  • 359: Exposure of Private Personal Information to an Unauthorized Actor

OWASP

  • LLM02:2025: Sensitive Information Disclosure

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.