DARR
MR-009 Data, privacy & content liability System scope

Leakage of personal or sensitive data

The system memorizes and discloses personal or sensitive data in its outputs, or such data is extracted via inference/extraction attacks, as distinct from the lawful basis for collecting or processing that data (MR-011).

Risk family
Data, privacy & content liability
MIT domain
2. Privacy & Security
MIT subdomain
2.1 > Compromise of privacy by leaking or correctly inferring sensitive information
AI type
GPAI, Classical_ML
Scope
System
Source standard
MIT AI Risk Repository v4

Provenance

Source standard
MIT AI Risk Repository v4
Source frameworks
34 source framework citation keys
Bengio2024, Cui2024, Deng2023, G'sell2024, Gabriel2024, Giarmoleo2024, Gipiškis2024, Habbal2024, Hagendorff2024, Hammond2025, Hogenhout2021, IBM2025, InfoComm2023, Li2025, Liu2024, Maham2023, Marchal2024, NIST2024, Perlo2025, Saghiri2022, Schnitzer2024, Sherman2023, Stanley2024, Steimers2022, TC2602024, Tan2022, Vidgen2024, Wang2025, Weidinger2021, Weidinger2022, Weidinger2023, Wirtz2022, Zeng2024, Zhang2023
ISO/IEC references
23894 obj A.8; src 6; mech B.5 | 42001 ctrl A.7.4, A.7.5, A.5.4

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
ISO 238941
  • A.8 ISO/IEC 23894 Annex A A.8
ISO 420013
  • A.5.4 ISO/IEC 42001 Annex A A.5.4
  • A.7.4 ISO/IEC 42001 Annex A A.7.4
  • A.7.5 ISO/IEC 42001 Annex A A.7.5
MITRE ATLAS5

Expanded into this risk’s technique sub-risks.

Cross-checksframeworks mapped in to test coverage
IBM2
  • ibm-exposing-personal-information Exposing personal information
  • ibm-sharing-ip-pi-confidential-information-with-user Sharing IP/PI/confidential information with user
Cisco3
  • AISubtech-15.1.25 Privacy Attacks: PII / PHI / PCI
  • AISubtech-8.2.1 Training Data Exposure
  • AISubtech-8.2.2 LLM Data Leakage
NIST AML5
  • NISTAML.03 Privacy Compromises
  • NISTAML.032 Reconstruction partial
  • NISTAML.036 Leaking information from user interactions
  • NISTAML.037 Training Data Attacks
  • NISTAML.038 Data Extraction
NIST GenAI1
  • GENAI.4 Data Privacy
OWASP LLM2
  • LLM02:2025 Sensitive Information Disclosure
  • LLM08:2025 Vector and Embedding Weaknesses partial

Sub-risks (3)

Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.

MR-009.1

Prompt-induced leakage of sensitive data

#

Crafted prompts induce the model to reveal sensitive data from its training set, context, or memory.

MITRE ATLAS technique: AML.T0057 LLM Data Leakage
MR-009.2

Data exfiltration via rendered output

#

The model is induced to emit private data through rendered elements such as markdown images or links that call out to an attacker.

MITRE ATLAS technique: AML.T0077 LLM Response Rendering
MR-009.3

Harvesting data from AI-enabled services

#

Access to the deployer's AI services is used to collect the data those services hold.

MITRE ATLAS technique: AML.T0085 Data from AI Services

More in Data, privacy & content liability

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.