Attacks and threats

Data exfiltration (AI agents)

Data exfiltration is when an AI agent is manipulated into sending sensitive data, such as secrets or personal information, to a destination the attacker controls.

Also called: data leakage

Definition

What is data exfiltration by AI agents?

For agents, data exfiltration usually rides on a tool call. After a prompt injection or a poisoned tool result, the agent is steered to read something sensitive, a secret, an API key, customer records, and then pass it to an outbound tool: an HTTP request, an email, a webhook, or a URL rendered back to the attacker. The agent believes it is completing a normal task.

Exfiltration is detectable at the action layer because the payload is present in the tool call: the destination and the sensitive value are right there in the arguments. Inspecting outbound calls for secrets and personal data, and blocking or holding calls that would send them off to an untrusted destination, stops the leak at the last step, even when the model has already been fooled.

FAQ

Common questions.

How does an AI agent leak data?

Typically through an outbound tool call after an injection: the agent reads something sensitive and then sends it via an HTTP request, email, or webhook to a destination the attacker chose. The sensitive value and destination are visible in the call's arguments.

Govern the actions, not just the vocabulary

AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, checks it against your policy, and proves it in a tamper-evident audit log. Start free, no card.