In a company's risk assessment, the team is classifying risks specific to generative AI. What is the risk called where confidential information a user enters in a prompt, or sensitive data a model has learned, is unintentionally leaked to the outside through output or logs?

Correct answer: A

Explanation

This question asks for the name of the risk in which confidential information leaks.

  • 1. "confidential information": Confidential information that must be protected
  • 2. "is unintentionally leaked to the outside through output or logs": Unintended leakage = exposure of confidential information
A: Correct

Exposure of confidential information

Correct. Exposure of confidential information is the risk where confidential information entered in a prompt or sensitive data the model has learned is unintentionally leaked to the outside through output or logs. Mitigate it by not entering sensitive data and by masking.

B: Incorrect

Hallucination

Hallucination is the risk of plausibly generating content that is not based on fact.

It is a matter of misinformation, not a matter of confidential information leaking, so this is incorrect.

C: Incorrect

Prompt injection

Prompt injection is an attack that hijacks the model's behavior through input.

It is an attack technique, not the classification name for an unintended leak risk (though it can be a means of causing exposure), so this is incorrect.

D: Incorrect

Data drift

Data drift is the problem where the input distribution shifts from training time and accuracy drops.

It is a matter of quality degradation, not a leak of confidential information, so this is incorrect.

Key Takeaway

Remember the correct answer: exposure (leakage) of confidential information.
- The risk where confidential information entered in a prompt, or sensitive data the model has learned, is unintentionally leaked to the outside through output or logs.
- Mitigate it by not entering sensitive data, masking, and protecting logs.