Skip to main content

AI/ML / Multi Agent Refarch / Controls / DEV

AI Data Leakage Prevention and Detection

CCC.MARefArc.CN16 · DET

Detect leakage of sensitive data in model inputs and outputs and in telemetry, and alert and respond when disclosure is detected.

Related Capabilities

IDTitleDescription
CCC.MARefArc.CP16Model-interaction zero-trust guardrailsEnforces authentication and authorization for every inference request and applies input validation against prompt injection, output filtering and redaction, access control, rate limits, and cost management before and after model execution.
CCC.MARefArc.CP14Approved-model registry and lifecycleCatalog of approved models with metadata, version information, configuration parameters, and usage constraints, ensuring agents access only models meeting organizational, regulatory, and security standards.

Related Threats

IDTitleDescription
CCC.MARefArc.TH01Model memorization leaks sensitive data across sessionsThe hosted models accessed through the LLM layer may memorize sensitive inputs or training data and later disclose customer PII, proprietary algorithms, or trading strategies, including cross-user leakage into unrelated sessions.
CCC.MARefArc.TH02Hosted-provider data-handling exposureSensitive data submitted through the LLM gateway to third-party hosted models is exposed when the provider lacks transparent encryption, retention limits, or secure-deletion guarantees, leaving the institution without control over data it no longer holds.

Assessment Requirements

IDTextApplicability
CCC.MARefArc.CN16.AR01Model outputs and telemetry MUST be monitored for disclosure of classified or sensitive data, with alerts raised on detection.tlp-clear, tlp-green, tlp-amber, tlp-red
CCC.MARefArc.CN16.AR02Detected leakage events MUST trigger a documented response and escalation workflow.tlp-clear, tlp-green, tlp-amber, tlp-red

Guideline Mappings

FrameworkIDRemarks
finos-airAIR-DET-001