AI data leakage occurs when sensitive business information is exposed through prompts, outputs, or copied content in AI-assisted workflows. In browser-driven work, the risk is often accidental rather than malicious, so governance depends on data rules, usage policy, and session controls.
Expanded Definition
AI data leakage is broader than a simple prompt mistake. It includes sensitive data leaving approved boundaries through pasted context, uploaded files, model outputs, browser extensions, chat history, or agent actions that reuse information across sessions. In practice, the term sits at the intersection of data governance, the threat patterns described in Anthropic’s report on the first AI-orchestrated cyber espionage campaign, and NHI control design, because an AI agent can inherit access to data that a human user should never freely expose.
Definitions vary across vendors, especially where they blur the line between intentional sharing, prompt injection, and data exfiltration. NHI governance treats leakage as a control failure: the business did not constrain what data could be seen, transformed, or retained by the AI workflow. That is why the issue is not only about model risk, but also about session scope, secret handling, RBAC, and whether browser-based tools can write sensitive context into logs or caches. The most common misapplication is to treat AI data leakage as purely a training-data problem: organisations focus only on whether a model was trained on confidential content and ignore live workflow exposure in the tools they have already approved.
Examples and Use Cases
Implementing AI data leakage controls rigorously often introduces friction, because users want low-resistance copying, summarisation, and drafting while security teams need tight data boundaries and auditability.
- A finance analyst pastes a draft board memo into a public AI chat, and the output is later copied into an email thread with broader distribution.
- An engineering team connects an AI assistant to a ticketing system, then the assistant exposes API keys from a resolved incident note during summarisation.
- A browser extension captures page content from a customer portal and sends it to an LLM, creating silent leakage from an authenticated session.
- An autonomous agent uses tool access to search internal documents, then reuses confidential context in a reply that is visible to a wider audience.
These scenarios are closely related to the patterns described in the 52 NHI Breaches Analysis and the Guide to the Secret Sprawl Challenge, where unmanaged credentials and overexposed context become operational liabilities. In an enterprise setting, the DeepSeek breach is a reminder that AI systems can leak both through data handling mistakes and through the surrounding infrastructure that stores or routes sensitive content.
Why It Matters in NHI Security
AI data leakage matters because it often reveals the same sensitive material that attackers seek in NHI compromise: credentials, tokens, internal process details, and privileged context. Once leaked, that data can fuel account takeover, lateral movement, and unintended persistence across multiple AI tools. NHIMG research shows why this should be treated as an operational issue, not a theoretical one: in the Ultimate Guide to NHIs — Key Research and Survey Results, 88% of security professionals said they are concerned about secrets sprawl, and the average time to mitigate a leaked secret is 36 hours.
That delay is especially damaging when leaked data originates in browser-driven work, because exposure can cascade through screenshots, copied prompts, cached sessions, and downstream automation. Teams should align leakage controls with The 52 NHI breaches Report and enforce data classification, masked output rules, and session-specific access limits for agents and assistants. Organisations typically encounter the consequence only after a confidential prompt, secret, or customer record has already left the approved boundary, at which point AI data leakage has become an operational problem that can no longer be deferred.
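As an added example (not code from the original guidance or from any product it references), one way to enforce a masked-output rule is to pass any text an assistant ingests or emits through a redaction filter before it crosses a trust boundary, recording only a short preview of each finding for the audit log. The regex patterns, the entropy threshold, and the incident note below are constructed for illustration; only the AKIA prefix is a documented vendor key format.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed patterns for common secret shapes; AKIA is AWS's documented access-key-ID prefix.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._\-]{20,})"),
    "assigned_secret": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9._\-]{12,})"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings such as tokens score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

@dataclass
class MaskResult:
    text: str                                     # safe-to-forward text
    findings: list = field(default_factory=list)  # (kind, 4-char preview) for the audit log

def mask_secrets(text: str, entropy_floor: float = 3.5) -> MaskResult:
    """Replace secret-like values with [REDACTED:<kind>] before text leaves the approved boundary."""
    findings = []
    def tagged(kind):
        def repl(m):
            value = m.group(m.lastindex or 0)     # last capture group holds the secret value
            findings.append((kind, value[:4] + "..."))
            return m.group(0).replace(value, f"[REDACTED:{kind}]")
        return repl
    out = text
    for kind, pattern in SECRET_PATTERNS.items():
        out = pattern.sub(tagged(kind), out)
    def entropy_gate(m):                          # catch-all for token formats with no known shape
        token = m.group(0)
        if shannon_entropy(token) < entropy_floor:
            return token
        findings.append(("high_entropy", token[:4] + "..."))
        return "[REDACTED:high_entropy]"
    out = re.sub(r"\b[A-Za-z0-9+/=_\-]{32,}\b", entropy_gate, out)
    return MaskResult(out, findings)

# Constructed resolved-incident note of the kind an assistant might be asked to summarise.
SAMPLE_NOTE = (
    "Resolved: rotated AKIAEXAMPLE000000001, set api_key=sk_live_1234567890abcdef, "
    "tested with 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def123', "
    "session cookie was 3f9Ab7Qx2LmN8pRz5VtY1cWe4HjK6gDs0uBn"
)
```

Run the filter on both the context sent to the model and the summary it returns; the findings list gives the session audit trail without ever logging the secret itself.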
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Addresses improper secret handling and data exposure in NHI workflows. |
| OWASP Agentic AI Top 10 | LLM-04 | Covers agent tool use and unintended disclosure through generated output. |
| NIST CSF 2.0 | PR.DS | Data security outcomes map to preventing unauthorized disclosure in AI workflows. |
Constrain agent tool access and review outputs before they can disclose sensitive context.