LLM02: Sensitive Information Disclosure
OWASP LLM Top 10 (2025)
Models leak PII, PHI, secrets, or proprietary data through outputs.
What this risk means
Models trained on or retrieving over sensitive corpora can surface PII, PHI, intellectual property, or system internals in completions. Insufficient data redaction, weak retention policies, and lack of customer-controlled training opt-out widen exposure.
How TrustAtlas dimensions address it
Data-handling scoring covers training opt-out, retention, encryption, and HIPAA BAA availability; IP exposure covers customer-content boundary terms; jurisdiction matters because residency requirements bound where the disclosure surface lives.
See methodology for how each dimension is scored across the catalog.
Questions to ask vendors
Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.
- Is customer data excluded from training by default? Cite the contractual language and clarify whether the exclusion flows through to any sub-processed model providers.
- What is your default retention period for prompts, completions, embeddings, and logs — and is it customer-configurable down to zero-retention?
- Do you offer regional data residency (US / EU / APAC) with a contractual guarantee, or only best-effort routing?
- If a customer triggers a sensitive-information disclosure incident, what is your detection, notification, and remediation timeline?
Related
- Back to the full OWASP LLM Top 10 cross-walk
- NIST AI RMF cross-walk — the U.S. enterprise companion framework
- TrustAtlas methodology — how the 8 risk dimensions are scored
- Browse the vendor directory and filter by the dimensions tied to this risk