mirror of
https://github.com/OWASP/www-project-ai-testing-guide.git
synced 2026-07-15 23:47:19 +02:00
Update AITG-DAT-02_Testing_for_Runtime_Exfiltration.md
This commit is contained in:
@@ -31,17 +31,17 @@ Runtime Exfiltration involves unauthorized extraction or leakage of sensitive da
|
||||
### Expected Output
|
||||
|
||||
The AI infrastructure should effectively:
|
||||
|
||||
- Restrict inference outputs to prevent exposure of sensitive, personally identifiable, or proprietary information.
|
||||
- Mask, anonymize, or omit sensitive data from logs, caches, or inference responses.
|
||||
- Secure all runtime APIs and interfaces against unauthorized data extraction or unintended disclosure.
|
||||
- **Restrict Inference Outputs**: Prevent exposure of sensitive, personally identifiable, or proprietary information from other contexts.
|
||||
- **Mask Sensitive Data in Logs**: Automatically mask, anonymize, or omit sensitive data from logs, caches, and error messages.
|
||||
- **Secure All Runtime APIs**: Ensure APIs return generic error messages and do not leak internal system state or data from other users.
|
||||
|
||||
### Remediation
|
||||
|
||||
- Implement strict runtime output validation and sanitization mechanisms.
|
||||
- Enforce secure logging practices, ensuring sensitive runtime data is anonymized or excluded from logs and caches.
|
||||
- Deploy API security solutions to robustly verify, sanitize, and control inference responses and prevent sensitive data leakage.
|
||||
- Regularly audit runtime operations and inference endpoints to detect and prevent unauthorized data exfiltration.
|
||||
- **Implement Strict Runtime Output Validation and Sanitization**: Before returning an output, scan it for sensitive data patterns (e.g., regex for PII) and mask or remove them. This is a critical last line of defense.
|
||||
- **Enforce Secure Logging Practices**: Configure logging frameworks to automatically filter or mask sensitive data. Never log raw user inputs or full API responses in production. Log only metadata necessary for debugging.
|
||||
- **Implement Generic Error Handling**: Ensure that user-facing error messages are always generic and never include stack traces, internal variable states, or raw data from the request or system.
|
||||
- **Use Data Loss Prevention (DLP) Solutions**: Deploy automated DLP tools that can inspect both API traffic and logs in real-time to detect and block sensitive data exfiltration.
|
||||
- **Enforce Strong Multi-Tenancy Controls**: In multi-tenant systems, ensure that data from one tenant is cryptographically and logically isolated from all others at all stages (inference, logging, caching).
|
||||
|
||||
### Suggested Tools
|
||||
|
||||
|
||||
Reference in New Issue
Block a user