Prompt-time Data Exposure

Prompt-time data exposure is the risk that sensitive information is shared with an AI model at the moment a user submits input. Unlike classic data transfer events, this happens inside an ordinary workflow and can be accidental, making context-aware policy and inspection essential.

Expanded Definition

Prompt-time data exposure occurs when sensitive information enters an AI request at the moment of submission, often through normal work activity rather than a deliberate export. The risk is not limited to the prompt text itself; it can include pasted logs, customer records, source code, API keys, or internal incident notes that a user drops into a chatbot or agent to get help quickly. In NHI and agentic AI environments, the concern expands further because prompts may be routed through tools, retained in logs, or reused in downstream workflows. Definitions vary across vendors on whether the exposure is only the prompt payload or also the surrounding context, so governance teams should define the boundary explicitly. For broader AI governance context, NIST’s AI Risk Management Framework is useful for mapping this risk to data handling and oversight expectations. The most common misapplication is treating prompt-time exposure as a generic data loss problem, which occurs when teams ignore the fact that the sensitive disclosure happens inside an approved, everyday task flow.

Examples and Use Cases

Implementing prompt-time data exposure controls rigorously often introduces friction, requiring organisations to balance user speed against inspection, redaction, and policy enforcement at the point of use.

  • A developer pastes a production stack trace into an AI assistant, unintentionally including bearer tokens and internal hostnames. The request is useful, but the model now sees secrets that should never leave the engineering boundary.
  • An analyst asks an agent to summarise a customer complaint thread and includes account numbers, contact details, and case notes. Context-aware filtering should detect the data before submission, not after the fact.
  • A security team reviews the NHI breach patterns described in The 52 NHI breaches Report alongside the Anthropic report on AI-orchestrated cyber espionage to understand how prompt handling can become part of a broader attack chain.
  • A support agent uses an AI tool to draft a response from an internal incident ticket containing passwords, access tokens, and remediation notes. The prompt succeeds functionally, but the workflow creates unnecessary disclosure and retention risk.
  • An organisation compares preventive controls with the guidance in the Guide to the Secret Sprawl Challenge and applies pre-submit scanning to stop credential leakage before the model receives input.
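The pre-submit scanning described in these examples can be illustrated with a small inspection gate that runs before a prompt is sent to the model. This is an added example, not code from the original page or from any vendor named here; the rule set, the account-number format and the sample prompt are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Detection rules: (label, pattern, hard_block). Hard-block rules are secrets that
# must never reach the model; the rest are context (PII, internal hostnames) that
# is redacted in place. Patterns are illustrative, not a complete secret taxonomy.
RULES = [
    ("bearer_token", re.compile(r"(?i)\bBearer\s+[A-Za-z0-9\-._~+/]{16,}=*"), True),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), True),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), True),
    ("internal_host", re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:internal|corp|local)\b"), False),
    ("account_number", re.compile(r"\b\d{4}-\d{4}-\d{4}\b"), False),  # constructed format
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), False),
]

@dataclass
class ScanResult:
    sanitized: str                                 # prompt with matches replaced by placeholders
    findings: list = field(default_factory=list)   # (label, start, end): positions only, never the secret
    blocked: bool = False                          # True when a hard-block rule fired

def scan_prompt(text: str) -> ScanResult:
    """Inspect a prompt before submission: redact context, block on hard secrets."""
    result = ScanResult(sanitized=text)
    for label, pattern, hard_block in RULES:
        for match in pattern.finditer(text):
            # Record where the hit was for audit logging without retaining the value itself.
            result.findings.append((label, match.start(), match.end()))
            result.blocked = result.blocked or hard_block
        result.sanitized = pattern.sub(f"[REDACTED:{label}]", result.sanitized)
    return result

# Constructed sample: a stack trace pasted with a token, an internal host and customer data.
SAMPLE_PROMPT = """Why does this request fail?
requests.get('https://auth.payments.corp/v1/token',
    headers={'Authorization': 'Bearer eyJhbGciOiJIUzI1NiJ9.c2VjcmV0.c2ln'})
Customer 1234-5678-9012 (jane.doe@example.com) reported the error."""

if __name__ == "__main__":
    res = scan_prompt(SAMPLE_PROMPT)
    print("blocked:", res.blocked)
    print("findings:", [label for label, _, _ in res.findings])
    print(res.sanitized)
```

A blocked result should stop the submission and prompt the user to remove the secret; a non-blocked result can forward the redacted text, with only the finding labels and positions written to the audit log.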

Why It Matters in NHI Security

Prompt-time data exposure matters because it turns ordinary user behavior into a high-value disclosure event. Once a secret, token, certificate, or confidential record is entered into an AI system, the organisation may lose control over where that data is stored, copied, logged, or later resurfaced. This is especially serious for NHI security because many incidents start with exposed credentials rather than sophisticated model compromise. NHI Mgmt Group research shows that 79% of organisations have experienced secrets leaks, and 77% of those incidents caused tangible damage, which makes prompt hygiene a direct governance issue rather than a niche AI concern. The scale of the problem is amplified by the fact that 96% of organisations store secrets outside secrets managers in vulnerable locations, as documented in Ultimate Guide to NHIs — Key Research and Survey Results, and the same exposure patterns often reappear in prompts. The companion overview Ultimate Guide to NHIs — Why NHI Security Matters Now is useful for framing why secret visibility and least-privilege controls must extend to AI usage. Organisations typically encounter the consequence only after a token has been reused, a record has been retained, or an agent has echoed sensitive content into another system, at which point addressing prompt-time data exposure becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
-------------------------------- | ------------------- | ------------------------------------------------------------------------------------------
OWASP Non-Human Identity Top 10  | NHI-02              | Prompt leakage often exposes secrets and tokens addressed by improper secret management.
NIST AI RMF                      |                     | Defines governance and risk treatment for AI data handling and leakage risks.
NIST CSF 2.0                     | PR.DS               | Prompt-time exposure is a data security and protection issue under data handling controls.

Classify prompt inputs, apply safeguards, and monitor AI data flow risks continuously.