Data Exfiltration

The unauthorized transfer of data out of a system - by an attacker, a compromised agent, or a careless prompt. The failure mode data controls exist to prevent.

Data exfiltration is the theft or leakage of data from a controlled environment to an outside party. It is the adversarial end of data egress: where egress is any outward flow, exfiltration is the flow you did not intend - staged by malware, an insider, or, increasingly, an AI agent tricked into sending data somewhere it should not.

AI creates new exfiltration paths: a prompt that smuggles secrets to a third-party model, an agent coaxed by indirect prompt injection into emailing a database, a tool result that quietly carries data out. Bounding these means inspecting what leaves at the boundary and scoping what any agent can reach, so a single manipulated request cannot drain far more than the task required.

All terms

Govern AI like infrastructure.

Talk to our team about deploying DataStrict across your enterprise stack.