Data exfiltration successful


Goal

Detect successful data exfiltration from AI-enabled services. This detection identifies when an attacker has successfully manipulated an LLM to leak sensitive information, including PII, credentials, or other confidential data. Unlike blocked attempts, these are confirmed security incidents requiring immediate response.

Strategy

Monitor application security events for successful (unblocked) data exfiltration using @ai_guard.attack_categories:data-exfiltration and -@ai_guard.blocked:true. Integration with Sensitive Data Scanner (@ai_guard.sds.categories) enables precise classification of the leaked data type.

Signal severity is determined as follows:

  • CRITICAL — Data exfiltration was not blocked and included PII or credentials (@ai_guard.attack_categories:data-exfiltration -@ai_guard.blocked:true @ai_guard.sds.categories:(pii OR credentials)). This represents a confirmed data breach with potential regulatory implications.
  • HIGH — Data exfiltration was not blocked, either containing other sensitive data categories or unclassified data (@ai_guard.attack_categories:data-exfiltration -@ai_guard.blocked:true). This represents a security incident requiring investigation.
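The severity logic above, re-implemented as an added example (not Datadog's own code) over constructed events so each branch of the rule can be checked; the event shape and the `ai_guard` field names are assumed to mirror the query attributes on this page.

```python
# Added example: mirrors this rule's query and severity table over constructed
# sample events. Event structure and field names are assumptions.

CRITICAL_SDS = {"pii", "credentials"}

def is_exfiltration_signal(event):
    """Matches the rule's base query:
    @ai_guard.attack_categories:data-exfiltration -@ai_guard.blocked:true
    The negated clause also matches events where 'blocked' is absent."""
    guard = event.get("ai_guard", {})
    categories = guard.get("attack_categories", [])
    if isinstance(categories, str):
        categories = [categories]
    return "data-exfiltration" in categories and guard.get("blocked") is not True

def severity_for_event(event):
    """Returns 'CRITICAL', 'HIGH', or None following the page's severity table."""
    if not is_exfiltration_signal(event):
        return None
    sds = event.get("ai_guard", {}).get("sds", {}).get("categories", [])
    if isinstance(sds, str):
        sds = [sds]
    # CRITICAL: unblocked exfiltration whose SDS categories include pii or credentials
    if CRITICAL_SDS.intersection(sds):
        return "CRITICAL"
    # HIGH: unblocked exfiltration with other or no SDS classification
    return "HIGH"

def triage(events):
    """Map event id -> severity for events that would raise a signal."""
    return {e["id"]: s for e in events if (s := severity_for_event(e))}

# Constructed sample events (not real telemetry)
SAMPLE_EVENTS = [
    {"id": "e1", "ai_guard": {"attack_categories": ["data-exfiltration"], "blocked": False,
                               "sds": {"categories": ["pii"]}}},
    {"id": "e2", "ai_guard": {"attack_categories": ["data-exfiltration"], "blocked": False,
                               "sds": {"categories": ["other-sensitive"]}}},
    {"id": "e3", "ai_guard": {"attack_categories": ["data-exfiltration"]}},
    {"id": "e4", "ai_guard": {"attack_categories": ["data-exfiltration"], "blocked": True,
                               "sds": {"categories": ["credentials"]}}},
    {"id": "e5", "ai_guard": {"attack_categories": ["some-other-category"], "blocked": False}},
]

if __name__ == "__main__":
    for eid, sev in triage(SAMPLE_EVENTS).items():
        print(eid, sev)  # e1 CRITICAL, e2 HIGH, e3 HIGH
```

Note that e4 (blocked) and e5 (a different attack category) produce no signal, while e3 is HIGH even though the `blocked` field is missing, because the negated clause does not require the field to be present.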

Triage and response

IMMEDIATE ACTIONS:

  1. Enable blocking mode — Immediately enable AI Guard in blocking mode for the affected service or tool to prevent further exfiltration.
  2. Block the source — Block the attacking IP addresses to interrupt ongoing exploitation.
  3. Review LLM responses — Inspect the flagged requests and LLM responses to identify exactly what data was exfiltrated.

INCIDENT INVESTIGATION:

  4. Determine breach scope — Identify all affected users, sessions, and data records that may have been exposed.
  5. Forensic analysis — Review:
     • Request patterns leading to exfiltration
     • System prompts and their effectiveness
     • Input sanitization gaps
     • Output filtering weaknesses
  6. Root cause analysis — Determine how the attacker bypassed AI Guard protections (if enabled) or why blocking mode was not active.

REMEDIATION:

  7. User notification — For critical signals with PII/credentials, notify affected users according to your incident response plan.
  8. Regulatory reporting — Assess reporting obligations under GDPR, CCPA, or other applicable data protection regulations.
  9. Harden defenses — Update system prompts, implement stricter output filters, and enhance input sanitization.
  10. Security review — Conduct a comprehensive security review of your AI service architecture and data access patterns.