How to fix: sensitive data leaking into prompts
Cause
Secrets, PII, or proprietary data are being sent to a model provider inside prompts, often unintentionally.
The fix
1. Inventory where prompts are sent and under what data agreements.
2. Add redaction at the boundary to strip secrets and PII before requests leave your network.
3. Set and enforce a data-residency policy in tooling, not just documentation.
4. For regulated data, use self-hosted inference so nothing sensitive leaves your environment.
5. Audit logs and prompts for what’s actually being sent — assumptions are usually wrong.
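An added example (not part of the original page) of steps 2 and 3: a pre-send guard that refuses disallowed regions in code and redacts secrets and PII, returning per-category counts that can feed the audit in step 5. The patterns, function names, and region strings are assumptions for illustration, not a complete detector.

```python
import re

# Constructed patterns for illustration; tune and extend for your own data.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


class ResidencyError(Exception):
    """Raised when a prompt is bound for a region the policy does not allow."""


def luhn_ok(digits):
    # Luhn checksum: keeps order numbers and timestamps from being redacted as cards.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def guard_prompt(prompt, region, allowed_regions):
    """Return (redacted_prompt, findings) or raise before anything is sent."""
    if region not in allowed_regions:
        raise ResidencyError(f"region {region!r} not permitted for prompts")
    findings = {}

    def count(kind):
        findings[kind] = findings.get(kind, 0) + 1
        return f"[REDACTED:{kind}]"

    for kind, rx in PATTERNS.items():
        prompt = rx.sub(lambda m, k=kind: count(k), prompt)

    def card(m):
        digits = re.sub(r"\D", "", m.group())
        return count("card_number") if luhn_ok(digits) else m.group()

    prompt = CARD.sub(card, prompt)
    return prompt, findings
```

Call `guard_prompt` in the one client wrapper every provider request passes through, and log only the `findings` counts, never the matched values.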
Prevent it
Treat every prompt as an egress channel: redact at the boundary, enforce residency in code, and self-host where the law requires it.