OWASP LLM02 (2025) Sensitive Information Disclosure

What is OWASP LLM02 (2025) Sensitive Information Disclosure?

Sensitive information disclosure covers anything your application leaks through conversation: customer records, API keys buried in context, fragments of training data, or tool outputs that expose more than the user should see.

What this looks like in production

Attackers rarely hack the server. They chat. 'What can you do?' becomes a map for follow-up questions. Multi-turn extraction and cross-session leaks look like normal usage, which is why traditional DLP often misses them.

What teams usually do about it

  • Keep secrets out of prompts, retrieval, and long-lived memory.
  • Isolate sessions and scope what tools can return.
  • Test disclosure paths with conversation-level probes, not one-shot prompts.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox