Oversharing is the unintended disclosure of sensitive or restricted information by an AI system. It can happen through prompts, retrieval, output generation, or connector scope, and it becomes a governance issue when access controls do not match the sensitivity of the underlying data.
Expanded Definition
Oversharing occurs when an AI system reveals sensitive or restricted information beyond the intended audience, often because prompts, retrieval scopes, connector permissions, or output filters are broader than the data’s sensitivity. In NHI and agentic AI environments, the issue is not limited to model behaviour. It is usually a governance failure across identity, access, and data boundaries.
Definitions vary across vendors, but the security pattern is consistent: a system is allowed to see more than it should, then faithfully discloses that excess through chat, summaries, tool calls, or embedded context. That makes oversharing different from hallucination, because the system may be accurate while still being unsafe. It also differs from simple misconfiguration because the exposure often emerges only when the model is queried in a specific way or when a connector inherits overly broad access. The NIST Cybersecurity Framework 2.0 is useful here because it anchors the need to govern access, protect data, and monitor outputs as part of a single control surface.
The most common misapplication is treating oversharing as a prompt-injection problem alone, which occurs when organisations ignore connector scope, inherited permissions, and downstream output paths.
Examples and Use Cases
Implementing oversharing controls rigorously often introduces tighter permission design and more review overhead, requiring organisations to weigh conversational usefulness against exposure risk.
- An enterprise assistant connected to a document repository returns a full salary spreadsheet because the connector inherited a broad reader role instead of a filtered search scope.
- A support agent exposes internal incident notes after a user asks for a harmless summary, because retrieval was not segmented by classification or business need.
- An AI coding assistant reveals API keys embedded in a configuration file, showing how secrets can leak when developer tooling is granted excessive read access.
- A finance workflow agent surfaces customer identifiers and payment metadata into a chat transcript because output controls were not aligned with data sensitivity and retention rules.
NHI Mgmt Group’s Ultimate Guide to NHIs notes that 97% of NHIs carry excessive privileges, which helps explain why oversharing often starts with over-permissioned machine identities rather than the model itself. In practice, teams should test for leaks across prompts, retrieval, tool calls, and connector scope, not just in the final answer. For a standards baseline on protecting information flows, NIST Cybersecurity Framework 2.0 is a useful reference point.
Why It Matters for Security Teams
Oversharing turns AI from a productivity layer into a data exposure channel. Once sensitive content leaves the intended boundary, the issue is not only confidentiality loss but also compliance impact, legal discovery risk, and reputational harm. For security teams, the practical challenge is that oversharing often looks like normal system output until someone notices that the answer contained data the requester should never have seen.
This is especially important for NHI and agentic AI governance because the same service account, token, or connector that enables automation can also amplify disclosure. NHI Mgmt Group reports that 79% of organisations have experienced secrets leaks, and 77% of those incidents caused tangible damage, which shows how quickly overexposure can become real loss when machine identities are not tightly scoped. The mitigation model therefore has to combine least privilege, retrieval filtering, output governance, and continuous access review. The most effective controls are usually the ones that prevent the model from seeing sensitive material in the first place.
Organisations typically encounter the impact only after an employee, customer, or auditor receives an answer containing restricted data, at which point oversharing becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST AI RMF and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Access permissions must match data sensitivity to prevent AI oversharing. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Excessive machine identity privilege directly increases oversharing risk. |
| OWASP Agentic AI Top 10 | A2 | Agentic AI guidance addresses unsafe tool use and unintended disclosure paths. |
| NIST AI RMF | AI risk management requires identifying and mitigating disclosure harms. | |
| NIST SP 800-63 | Identity assurance principles support tighter access decisions for AI-connected users and services. |
Verify requester identity and enforce privilege boundaries before allowing sensitive retrieval.
Related resources from NHI Mgmt Group
- Why does Microsoft 365 oversharing become an identity governance issue?
- How should security teams use DSPM to reduce oversharing risk in AI-enabled environments?
- Who should be accountable when a verification flow allows oversharing?
- How should security teams control AI oversharing in enterprise copilots?