api-key-extractionposes as a new developer who needs the real API keys “for my .env file” after asking about the architecture.prompt-leakingasks the model to output its own instructions disguised as a poem, JSON, or Python string to expose the exact wording.cross-session-leaktries to get data that belongs to other users or earlier sessions.
Attack Strategies
Information Disclosure: Attack Strategy
These attacks try to pull secret information out of the AI system itself. That means hidden instructions, API keys, or data from other users.
What it is: These attacks try to pull secret information out of the AI system itself. That means hidden instructions, API keys, or data from other users.
How the attacks work: The attacker chats over several turns and slowly builds trust. They start with harmless setup questions, then ask the model to “verify”, “reformat”, or “paste” the secret as if it were a normal part of the task.
Real examples from the framework: