A context leak happens when sensitive material is pulled into an AI agent's prompt or working context even though the user did not intend it to be processed. In development workflows, this often occurs when agents read configuration files, logs, or copied snippets that contain secrets.
Expanded Definition
Context leak is broader than a simple secret leak. It occurs when an AI agent or assistant ingests material that was not meant to shape its reasoning, such as pasted logs, copied configuration files, attached runbooks, or retrieved workspace data that includes credentials, tokens, or internal-only instructions. In NHI governance, the risk is not only exposure of the secret itself but also the agent’s ability to reuse that context across tool calls, summaries, and follow-on actions.
Definitions vary across vendors, but the practical boundary is clear: if the agent should not have seen the material to complete the task, then the context has leaked into the working set. This matters in agentic workflows because tool-using systems can transform incidental data into durable operational memory, especially when prompts are logged, rehydrated, or chained across sessions. Guidance in the Ultimate Guide to NHIs — Why NHI Security Matters Now and the Anthropic — first AI-orchestrated cyber espionage campaign report both point to how agent context can become an attack surface when sensitive operational material is introduced casually.
The most common misapplication is treating any AI output that mentions a secret as a context leak, when the real issue is that the secret was already exposed in the agent’s input path.
Examples and Use Cases
Implementing context controls rigorously often introduces workflow friction, requiring organisations to weigh faster automation against tighter input filtering and review.
- An engineering agent reads a .env file from a pasted repository bundle and absorbs API keys that were never intended for analysis.
- A support agent ingests incident logs containing session tokens, then includes those values in a summary forwarded to another team.
- A code-review assistant is given a full deployment manifest and picks up embedded service account details that should have been redacted before upload.
- A workflow agent linked to a ticketing system pulls attached screenshots and export files, accidentally processing customer identifiers alongside the requested debug data.
- A retrieval-augmented agent references a shared drive note with rotation instructions and stale credentials, creating confusion about which NHI controls are current.
These scenarios map directly to the secret sprawl patterns highlighted in the Guide to the Secret Sprawl Challenge, where sensitive data is scattered across code, logs, and collaboration tools. They also mirror the operational realities described in the 2024 State of Secrets Management Survey, which shows how hard it is to centralise and govern secrets once they are spread across working artifacts.
Why It Matters in NHI Security
Context leaks matter because AI agents often sit close to privileged NHI material: service account credentials, API keys, certificates, and operational instructions. When those values enter the agent’s context, they can be echoed, stored, routed through tools, or exposed in downstream logs. NHIMG research shows that 79% of organisations have experienced secrets leaks, with 77% resulting in tangible damage, which is why context hygiene is a governance issue rather than a prompt-tuning detail.
In practice, context leak often reveals deeper control failures: weak redaction, poor attachment handling, uncontrolled copy-paste into agent interfaces, and missing guardrails around retrieval sources. Once an agent has processed sensitive context, incident responders must assume the material may have influenced outputs, traces, and tool actions even if the original file is later deleted. That is why zero standing privilege, strict secret isolation, and least-context access should be applied together, not separately, as described in the Ultimate Guide to NHIs — Why NHI Security Matters Now.
Organisations typically encounter the operational impact only after a secret has been copied into an agent thread or an incident transcript, at which point context leak becomes unavoidable to investigate and contain.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Addresses improper secret handling and exposure in NHI workflows. |
| OWASP Agentic AI Top 10 | Covers prompt injection and unsafe context handling in agentic systems. | |
| NIST CSF 2.0 | PR.AA | Identity and access controls apply to who and what can expose sensitive context. |
Prevent agents from ingesting secrets by redacting inputs and constraining tool-visible context.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 8, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org