Leakage of personal or sensitive data
The system memorizes and discloses personal or sensitive data in its outputs, or such data is extracted via inference/extraction attacks, as distinct from the lawful basis for collecting or processing that data (MR-011).
- Risk family: Data, privacy & content liability
- MIT domain: 2. Privacy & Security
- MIT subdomain: 2.1 > Compromise of privacy by leaking or correctly inferring sensitive information
- AI type: GPAI, Classical_ML
- Scope: System
- Source standard: MIT AI Risk Repository v4
Provenance
34 source framework citation keys
Framework crosswalk
Every framework item mapped to this risk. Items marked "partial" overlap only in part.
- A.8 ISO/IEC 23894 Annex A A.8
- A.5.4 ISO/IEC 42001 Annex A A.5.4
- A.7.4 ISO/IEC 42001 Annex A A.7.4
- A.7.5 ISO/IEC 42001 Annex A A.7.5
Expanded into this risk’s technique sub-risks.
- ibm-exposing-personal-information Exposing personal information
- ibm-sharing-ip-pi-confidential-information-with-user Sharing IP/PI/confidential information with user
- AISubtech-15.1.25 Privacy Attacks: PII / PHI / PCI
- AISubtech-8.2.1 Training Data Exposure
- AISubtech-8.2.2 LLM Data Leakage
- NISTAML.03 Privacy Compromises
- NISTAML.032 Reconstruction (partial)
- NISTAML.036 Leaking information from user interactions
- NISTAML.037 Training Data Attacks
- NISTAML.038 Data Extraction
- GENAI.4 Data Privacy
- LLM02:2025 Sensitive Information Disclosure
- LLM08:2025 Vector and Embedding Weaknesses (partial)
Sub-risks (3)
Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.
- Crafted prompts induce the model to reveal sensitive data from its training set, context, or memory.
- The model is induced to emit private data through rendered elements such as markdown images or links that call out to an attacker.
- Access to the deployer's AI services is used to collect the data those services hold.
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.