Data Exfiltration Prevention
What This Requires
Prevent sensitive data leakage through LLM outputs: classify data inputs, redact/mask sensitive fields, filter outputs, and audit data flows. Require DLP integration for high-risk systems.
Why It Matters
LLMs can memorize and regurgitate training data or anything placed in their context. Attackers use prompt injection to extract credentials, PII, or proprietary data, so multi-layer prevention is critical.
How To Implement
Data Classification
Tag data as Public, Internal, Confidential, or Restricted. Block Restricted data from LLM context entirely. For Confidential data, require redaction (e.g., mask SSNs and credit card numbers).
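A minimal sketch of how this tiered policy could be enforced at the point where text enters LLM context. The `DataClass` enum, `gate_for_llm` function, and the injected `redactor` callable are illustrative names, not part of any standard library or product:

```python
from enum import IntEnum
from typing import Callable

class DataClass(IntEnum):
    """Illustrative four-tier classification, lowest to highest sensitivity."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

def gate_for_llm(text: str, cls: DataClass,
                 redactor: Callable[[str], str]) -> str:
    """Apply the tiered policy before text is added to LLM context."""
    if cls == DataClass.RESTRICTED:
        # Restricted data never reaches the model.
        raise PermissionError("Restricted data is blocked from LLM context")
    if cls == DataClass.CONFIDENTIAL:
        # Confidential data must pass through redaction first.
        return redactor(text)
    # Public and Internal data pass through unchanged.
    return text
```

In practice the redactor would be the input-redaction step described below, so the gate and the redaction logic can evolve independently.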
Input Redaction
Before sending inputs to the LLM, scan them for sensitive patterns (SSN formats, API key prefixes) and replace matches with placeholders ([REDACTED_SSN], [REDACTED_KEY]).
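The scan-and-replace step can be sketched with regexes. The two patterns below are deliberately narrow illustrations (US-format SSNs and a hypothetical `sk_`/`pk_` key prefix); a real deployment needs a broader, tested pattern library:

```python
import re

# Illustrative patterns only; production systems need vetted pattern sets.
PATTERNS = {
    "REDACTED_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "REDACTED_KEY": re.compile(r"\b(?:sk|pk)_[A-Za-z0-9]{20,}\b"),
}

def redact_sensitive(text: str) -> str:
    """Replace sensitive matches with placeholders before text reaches the LLM."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text
```

Keeping the label as part of the placeholder (`[REDACTED_SSN]` rather than a bare `[REDACTED]`) preserves enough context for the LLM to reason about the field without seeing its value.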
Output Filtering
Scan LLM responses for leaked secrets (high-entropy strings, known credential patterns). If a match is detected, block the response and log an incident.
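High-entropy detection can be sketched with Shannon entropy over candidate tokens. The token pattern, 4.0-bit threshold, and function names here are assumptions to be tuned per corpus, not fixed values from any standard:

```python
import math
import re

TOKEN_RE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")  # candidate secret-like tokens
ENTROPY_THRESHOLD = 4.0  # bits/char; illustrative, tune against your corpus

def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    freq = {c: s.count(c) / len(s) for c in set(s)}
    return -sum(p * math.log2(p) for p in freq.values())

def scan_output(response: str) -> list:
    """Return candidate leaked secrets found in an LLM response."""
    return [tok for tok in TOKEN_RE.findall(response)
            if shannon_entropy(tok) > ENTROPY_THRESHOLD]

def filter_response(response: str):
    """Block (return None) if candidate secrets are found; else pass through."""
    if scan_output(response):
        # In a real system: block the response and log an incident here.
        return None
    return response
```

Long English words score well below the threshold (repeated letters lower the entropy), while random-looking key material scores above it, which is the property the filter relies on.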
DLP Integration
For high-risk systems, integrate with an enterprise DLP platform (e.g., Microsoft Purview, Forcepoint) and alert on policy violations such as an attempt to send PII to an external LLM.
Evidence & Audit
- Data classification policy with LLM-specific rules
- Input redaction implementation (code, regex patterns)
- Output filtering configuration and test results
- DLP integration documentation for high-risk systems
- Data flow audit logs