The Threat

Data leakage occurs when sensitive information is exposed through AI model inputs or outputs. This includes personally identifiable information (PII), credentials, proprietary data, or confidential business information. Leakage can happen through accidental inclusion in prompts, model responses revealing training data, or attackers extracting information through carefully crafted queries. The risk is amplified with AI systems because:
  • Models may memorize and regurgitate training data
  • Users often paste sensitive data into prompts without thinking
  • System prompts may contain credentials or configuration details
  • Models can be manipulated to reveal information they shouldn’t

Types of Data Leakage

PII Exposure

Personal information that identifies individuals:
  • Email addresses and phone numbers
  • Social Security Numbers and national IDs
  • Credit card numbers and financial data
  • Names, addresses, and dates of birth
  • Medical records and health information

Credential Leaks

Authentication and access credentials:
  • API keys and access tokens
  • Passwords and passphrases
  • Database connection strings
  • OAuth tokens and session IDs
  • Private keys and certificates

Proprietary Data

Company-specific confidential information:
  • Internal employee IDs
  • Customer account numbers
  • Pricing and contract details
  • Business strategies and plans
  • Source code and algorithms

System Information

Configuration and infrastructure details:
  • System prompts and instructions
  • Database schemas and table names
  • Server addresses and endpoints
  • Internal tool names and workflows
  • Security policies and procedures

How Oximy Prevents Data Leakage

Pattern-Based Detection

Uses regex patterns to identify structured data formats:
  • Email: [email protected] becomes [EMAIL_REDACTED]
  • SSN: 123-45-6789 becomes [SSN_REDACTED]
  • API Key: sk-abc123def456 becomes [API_KEY_REDACTED]
  • Credit Card: 4532-1234-5678-9012 becomes [CARD_REDACTED]
This layer is fast and deterministic: it catches known formats before they reach the model.

Semantic Detection

Understands context to identify sensitive information that doesn’t match patterns:
  • Names in context (“My name is John Smith”)
  • Addresses in natural language
  • Confidential discussions
  • Proprietary terminology

Training Data Extraction Prevention

Detects attempts to extract memorized training data:
  • Repetitive prompts with slight variations
  • Completion requests for known data patterns
  • Systematic probing of knowledge domains
  • High-frequency similar queries
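A minimal version of the "repetitive prompts with slight variations" and "high-frequency similar queries" signals, as an added example (not Oximy's detector): a per-client sliding window counts near-duplicate prompts with difflib and flags the client once the count crosses a threshold. The window size, similarity threshold and sample traffic are assumptions.

```python
from collections import defaultdict, deque
from difflib import SequenceMatcher
import time

class ExtractionProbeDetector:
    """Flag clients that send many near-duplicate prompts in a short window.

    Heuristic only: this is the example's own logic for the repetitive-prompt
    and high-frequency-similar-query signals, not any vendor's algorithm.
    """
    def __init__(self, window_seconds=60.0, max_similar=3, threshold=0.85):
        self.window = window_seconds        # seconds of history kept per client
        self.max_similar = max_similar      # similar prompts that trigger a flag
        self.threshold = threshold          # difflib ratio counted as "similar"
        self.history = defaultdict(deque)   # client_id -> deque of (ts, prompt)

    def observe(self, client_id, prompt, now=None):
        """Record one prompt; return True when it looks like systematic probing."""
        now = time.time() if now is None else now
        recent = self.history[client_id]
        while recent and now - recent[0][0] > self.window:  # expire old entries
            recent.popleft()
        similar = sum(1 for _, earlier in recent
                      if SequenceMatcher(None, earlier, prompt).ratio() >= self.threshold)
        recent.append((now, prompt))
        return similar >= self.max_similar

# Constructed sample traffic (not real logs): one probing client, one normal.
PROBES = [f"Finish this record exactly: Patient {n}, DOB 01/02/1980, diagnosis:"
          for n in range(5)]
NORMAL = ["How do I center a div in CSS?", "Explain TCP vs UDP briefly.",
          "Write a haiku about autumn.", "What is a Bloom filter?",
          "Summarize the French Revolution."]

def verdicts(detector, client_id, prompts, start=1000.0, spacing=1.0):
    """Feed prompts `spacing` seconds apart and return the per-prompt verdicts."""
    return [detector.observe(client_id, p, now=start + i * spacing)
            for i, p in enumerate(prompts)]
```

The probing client is flagged from its fourth prompt on, while spreading the same prompts over minutes falls outside the window and is not flagged; in production the verdict would feed the "Alert on repeated attempts" action rather than block outright, since a legitimate retry loop can look similar.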

Real-World Example

A developer accidentally includes database credentials in a prompt:
Help me debug this connection error:

const db = mysql.createConnection({
  host: 'prod-db.company.com',
  user: 'admin',
  password: 'SuperSecret123!',
  database: 'customers'
});
Without Guardrails: The credentials are sent to the AI provider, logged in their systems, and potentially exposed in model outputs or training data.
With Oximy Guardrails:
  1. Database credentials detected (host, user, password)
  2. Sensitive values replaced with placeholders
  3. Sanitized version sent to model:
const db = mysql.createConnection({
  host: '[HOST_REDACTED]',
  user: '[USER_REDACTED]',
  password: '[PASSWORD_REDACTED]',
  database: '[DATABASE_REDACTED]'
});
  4. Model provides debugging help without seeing real credentials
  5. Original request logged for audit (with redactions)

Detection Techniques

  • Request Scanning
  • Response Filtering
  • Context Monitoring

Request Scanning

Analyzes incoming requests for sensitive data before they reach the model.
What’s Detected:
  • PII in user prompts
  • Credentials in code snippets
  • Confidential data in documents
  • System information in queries
Actions:
  • Redact sensitive values
  • Block requests with critical data
  • Log violations for audit
  • Alert on repeated attempts

Redaction Strategies

Standard Placeholders

Default replacements for common data types:
Data Type     Placeholder          Example
Email         [EMAIL_REDACTED]     [email protected] becomes [EMAIL_REDACTED]
Phone         [PHONE_REDACTED]     555-123-4567 becomes [PHONE_REDACTED]
SSN           [SSN_REDACTED]       123-45-6789 becomes [SSN_REDACTED]
API Key       [API_KEY_REDACTED]   sk-abc123 becomes [API_KEY_REDACTED]
Credit Card   [CARD_REDACTED]      4532-****-****-9012 becomes [CARD_REDACTED]

Custom Placeholders

Configure application-specific replacements:
{
	"patterns": [
		{
			"type": "employee_id",
			"regex": "EMP\\d{6}",
			"placeholder": "[EMPLOYEE_ID]"
		},
		{
			"type": "customer_account",
			"regex": "CUST-[A-Z0-9]{8}",
			"placeholder": "[CUSTOMER_ACCOUNT]"
		}
	]
}

Partial Redaction

Show partial information for usability while protecting sensitive parts:
  • Credit cards: 4532-****-****-9012
  • Emails: j***@company.com
  • Phone numbers: ***-***-4567
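The pattern-based rules, the credential-in-code case from the Real-World Example, the custom-pattern JSON from Custom Placeholders, and the partial-redaction formats above can all be exercised with one small redactor. This is an added example, not Oximy's code: the regexes, the `CRED_ASSIGNMENT` rule for `host`/`user`/`password`/`database` assignments, and the partial formatters are this example's own simplified choices.

```python
import json
import re

# Built-in rules: placeholders use the page's names; the regexes are this
# example's own simplified choices, not Oximy's.
BUILTIN = [
    ("card",    r"\b\d{4}-\d{4}-\d{4}-\d{4}\b", "[CARD_REDACTED]"),
    ("ssn",     r"\b\d{3}-\d{2}-\d{4}\b",       "[SSN_REDACTED]"),
    ("phone",   r"\b\d{3}-\d{3}-\d{4}\b",       "[PHONE_REDACTED]"),
    ("email",   r"[\w.+-]+@[\w-]+\.[\w.-]+",    "[EMAIL_REDACTED]"),
    ("api_key", r"\bsk-[A-Za-z0-9]{6,}\b",      "[API_KEY_REDACTED]"),
]
# Credential-style assignments inside code (host: '...', password: '...');
# the key name becomes the placeholder, as in the debugging example above.
CRED_ASSIGNMENT = re.compile(r"\b(host|user|password|database)(\s*:\s*)'[^']*'")
# Partial-redaction formatters: keep a usability hint, hide the rest.
PARTIAL = {
    "card":  lambda v: v[:4] + "-****-****-" + v[-4:],
    "email": lambda v: v[0] + "***@" + v.split("@", 1)[1],
    "phone": lambda v: "***-***-" + v[-4:],
}
# Constructed copy of the JSON shape from the "Custom Placeholders" section.
CUSTOM_CONFIG = json.dumps({"patterns": [
    {"type": "employee_id", "regex": r"EMP\d{6}", "placeholder": "[EMPLOYEE_ID]"},
    {"type": "customer_account", "regex": r"CUST-[A-Z0-9]{8}", "placeholder": "[CUSTOMER_ACCOUNT]"},
]})

class Redactor:
    def __init__(self, custom_config=None, partial=False):
        self.partial = partial
        self.rules = [(t, re.compile(rx), ph) for t, rx, ph in BUILTIN]
        for p in (json.loads(custom_config) if custom_config else {}).get("patterns", []):
            self.rules.append((p["type"], re.compile(p["regex"]), p["placeholder"]))

    def redact(self, text):
        """Return (sanitized_text, findings). Findings hold only the type and
        the replacement, so the audit log never stores the raw secret."""
        findings = []
        def cred(m):
            repl = f"[{m.group(1).upper()}_REDACTED]"
            findings.append((m.group(1), repl))
            return f"{m.group(1)}{m.group(2)}'{repl}'"
        text = CRED_ASSIGNMENT.sub(cred, text)
        for rtype, rx, placeholder in self.rules:
            def sub(m, rtype=rtype, placeholder=placeholder):
                repl = PARTIAL[rtype](m.group(0)) if self.partial and rtype in PARTIAL else placeholder
                findings.append((rtype, repl))
                return repl
            text = rx.sub(sub, text)
        return text, findings
```

Rule order matters: the card pattern runs before the phone pattern so a 16-digit number is never half-matched as a phone number, and custom patterns run after the built-ins so an organization's own formats cannot mask a credential.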

Best Practices

Bidirectional Scanning

Scan both requests and responses to protect data in both directions

Custom Patterns

Add your organization’s sensitive data formats for better detection

Monitor & Tune

Monitor false positives and tune detection to avoid blocking legitimate use

User Education

Train teams on what not to include in prompts

Regular Audits

Review logs for attempted or successful leaks

Layered Protection

Combine with access controls and encryption for defense in depth

Compliance Support

Data leakage prevention helps meet regulatory requirements:
  • HIPAA: Protects patient health information (PHI)
  • PCI DSS: Prevents credit card data exposure
  • GDPR: Safeguards EU personal data
  • SOC 2: Demonstrates data protection controls
  • CCPA: Protects California consumer data
Data leakage prevention also addresses the following OWASP Top 10 for LLM Applications risks:
  • LLM06: Sensitive Information Disclosure
  • LLM03: Training Data Poisoning (extraction prevention)
  • LLM10: Model Theft (via data extraction)