Data Leakage in AI: Addressing Risks in LLM Systems
🔐 This article explains how sensitive data commonly leaks from AI systems — from RAG retrievals and agentic tool chains to user-initiated oversharing — and why LLMs cannot enforce document-level permissions. It recommends a layered, defense-in-depth approach: automatic identification and classification, data minimization at ingress, sanitization, redaction, and strict access controls that follow data through the pipeline. The authors also stress threat modeling and vendor due diligence to limit regulatory, competitive, and reputational harm.
