S0053Significant

提示詞中無意洩露機密資訊

Operation & Monitoring

Risk Description

Users unintentionally input confidential business information, personal privacy data, or protected intellectual property in prompts during AI interactions. This information may be logged by AI service providers, used for model training, or indirectly accessible through other users queries in multi-tenant environments. Enterprise employees using public AI services to process internal documents has become a common source of major security incidents.

Framework Mappings

iso 23894R1
tw principle隱私保護與數據治理
tw risk type部署互動問題(Deployment Interaction)

Controls English translation pending

  • 敏感資訊過濾閘門
  • AI 使用政策教育

Implementation Steps English translation pending

  1. 部署提示詞敏感資訊偵測閘門,自動識別並警告機密內容
  2. 制定企業 AI 使用政策,明確禁止在公共 AI 服務中輸入機密資訊
  3. 提供企業內部部署的 AI 替代方案,確保數據不離開組織
  4. 定期舉辦 AI 安全意識培訓,教育員工辨識敏感資訊風險