Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Data Leakage Vectors

Data Leakage Vectors

Section titled “Data Leakage Vectors”

5 automated security scanners

AI Generated Output Sharing

Section titled “AI Generated Output Sharing”

Purpose: The AI-Generated Output Sharing Scanner is designed to identify and alert about the inadvertent sharing of sensitive information through generated content across public repositories on platforms like GitHub. This tool helps organizations safeguard their intellectual property by detecting potential data leakage vectors where AI-generated outputs might be exposed unnecessarily.

What It Detects:

  • Generated Content Detection: Identifies patterns indicative of AI-generated text in repository descriptions, README files, and commit messages.
  • Repository Sharing Analysis: Scans GitHub repositories associated with the target domain to find shared codebases that may contain sensitive information.
  • Code Snippet Leakage: Detects code snippets or scripts generated using AI tools and are publicly available.
  • Output Repositories Identification: Identifies repositories storing output from various processes, which might include sensitive data.
  • Domain-Specific Content Search: Searches for content related to the specified company name within public repositories, ensuring focus on relevant information specific to the target organization.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations concerned with the protection of their intellectual property and sensitive data from unauthorized exposure. It helps in identifying potential security risks associated with the inadvertent sharing of generated content, which could lead to significant data leakage incidents if not addressed promptly.

Risk Levels:

  • Critical: Findings that directly compromise critical business functions or expose highly sensitive information.
  • High: Findings that significantly increase the risk of data exposure without immediate impact on core operations but with potential long-term consequences.
  • Medium: Findings that indicate a moderate level of risk, potentially affecting multiple aspects of the organization’s security posture.
  • Low: Findings that suggest minimal risk and are generally considered to have low impact on the organization’s objectives.
  • Info: Informational findings that provide insights but do not pose immediate risks or expose sensitive data.

If specific risk levels are not defined in the README, they can be inferred based on the severity of the potential impacts described.

Example Findings:

  1. A repository contains a detailed description and content indicative of AI-generated text, which could potentially reveal proprietary information about the company’s research and development processes.
  2. An open-source project includes code snippets that suggest automated generation using AI tools, which might lead to unauthorized access or exposure of sensitive data stored in related repositories.

Collaborative AI Workspace Exposure

Section titled “Collaborative AI Workspace Exposure”

Purpose: The Collaborative AI Workspace Exposure Scanner is designed to identify and alert about potential risks associated with shared AI project environments, team communications, sensitive data repositories, and other vulnerabilities that may expose internal company processes and confidential information.

What It Detects:

  • Shared AI Project Environments: Identifies publicly accessible GitHub repositories containing AI project code or configurations, indicating collaboration tools or shared workspaces.
  • Team Prompts and Documentation: Scans for team communication in GitHub issues, pull requests, and README files that may reveal internal strategies or sensitive data.
  • Result Repositories: Detects repositories containing AI model results, datasets, or logs that could be sensitive, indicating potential data breaches or unauthorized access.
  • Subdomain Discovery: Uses Certificate Transparency logs to discover subdomains hosting collaborative environments or data repositories, suggesting shared workspaces and collaboration platforms.
  • Breach History and Security Incidents: Checks for breach history associated with the company’s domain using HaveIBeenPwned API and searches for security incidents through news articles and public disclosures.

Inputs Required:

  • domain (string): The primary domain to analyze, such as acme.com, which helps in searching for potential shared environments or sensitive data repositories.
  • company_name (string): The company name is used for specific searches within GitHub organizations and issues related to team prompts and documentation.

Business Impact: This scanner plays a crucial role in safeguarding internal processes and confidential information by identifying unauthorized access points, sensitive data exposure, and potential security vulnerabilities that could lead to significant risks such as data breaches or intellectual property theft.

Risk Levels:

  • Critical: Identifies publicly accessible repositories containing AI project code or configurations without proper authorization.
  • High: Scans for team communication in GitHub issues, pull requests, and README files revealing internal strategies or sensitive data.
  • Medium: Detects repositories containing AI model results, datasets, or logs that could be sensitive but may not directly lead to significant risks unless exploited further.
  • Low: Discovery of subdomains using Certificate Transparency logs suggesting shared workspaces without direct exposure to sensitive information.
  • Info: Checks for breach history and mentions in news articles about security incidents which provide informational insights rather than immediate risk.

If the README doesn’t specify exact risk levels, infer them based on the scanner’s purpose and impact.

Example Findings:

  1. A publicly accessible GitHub repository named “acmecorp-ai” contains sensitive AI project code without any authorization settings that could lead to unauthorized access and data exposure.
  2. Internal team discussions in a GitHub issue titled “#project_strategy” reveal potential strategic information about the company’s upcoming projects, indicating high risk of internal leakage unless properly secured.

AI Model Training Uploads

Section titled “AI Model Training Uploads”

Purpose: The AI_Model_Training_Uploads Scanner is designed to identify and detect fine-tuning datasets, custom model creation, and adaptation data related to AI models by analyzing publicly available sources such as GitHub repositories, news articles, job postings, and SEC filings. This tool helps in identifying potential data leakage vectors associated with sensitive training data, ensuring compliance with data security policies and regulations.

What It Detects:

  • Fine-Tuning Dataset References: Identifies mentions of datasets used for fine-tuning AI models within code repositories and news articles.
  • Custom Model Creation Indicators: Detects references to custom model development processes, including terms related to model training, architecture design, and deployment.
  • Adaptation Data Identification: Identifies data used for adapting pre-trained models to specific use cases, looking for mentions of adaptation techniques and associated datasets.
  • Code Repository Analysis: Scans GitHub repositories for code related to AI model training and adaptation, focusing on specific file types containing relevant keywords.
  • News and Job Board Mentions: Analyzes news articles and job postings for mentions of AI model development and data usage, particularly in relation to sensitive datasets.

Inputs Required:

  • domain (string): The primary domain to analyze, such as “acme.com”.
  • company_name (string): The company name for statement searching, e.g., “Acme Corporation”.

Business Impact: This scanner is crucial for organizations aiming to safeguard their sensitive data and comply with regulatory standards related to AI model development. It helps in identifying potential risks associated with unauthorized access or leakage of internal datasets during the training process, thereby enhancing overall security posture.

Risk Levels:

  • Critical: The scanner identifies direct references to specific datasets or detailed descriptions of model training processes within public repositories that could lead to unauthorized data exposure.
  • High: The presence of generic terms related to AI model development and sensitive information in publicly available job postings or news articles, indicating potential risks without explicit dataset details.
  • Medium: Indirect mentions of AI model development activities in public sources with no specific dataset references but still indicative of high risk due to the nature of AI data usage.
  • Low: Informal mentions of AI model training within general discussions that do not specifically reference datasets or sensitive information.
  • Info: Non-specific alerts about potential AI model development activities without clear evidence of dataset details or specific risks.

Example Findings:

  1. A GitHub repository contains a file with the keyword “fine-tuning” and a direct mention of “sensitive_dataset.csv”, indicating a critical risk due to explicit data reference.
  2. A news article mentions “Acme Corporation” using AI models for fine-tuning without specifying which dataset, qualifying as a high-risk finding based on contextual evidence.

Prompt Sharing Platforms

Section titled “Prompt Sharing Platforms”

Purpose: The Prompt Sharing Platforms Scanner is designed to detect and alert about unauthorized sharing of company prompts, LLM interaction logs, and example repositories on public platforms such as GitHub. This tool aims to prevent data leakage and safeguard sensitive information from falling into the wrong hands.

What It Detects:

  • Shared Company Prompts: Identifies instances where internal company prompts are inadvertently shared publicly, potentially exposing confidential business strategies or operational details.
  • LLM Interaction Logs: Detects logs of interactions with Large Language Models (LLMs) that may contain proprietary data and should be protected from public exposure.
  • Example Repositories: Finds repositories containing example code or documentation which might reveal internal processes or sensitive configurations, posing a risk for unauthorized access.
  • Breach Mentions: Identifies mentions of data breaches, security incidents, unauthorized access, and compromised information in public records to ensure transparency and immediate action on potential threats.
  • Tech Stack Disclosure: Detects disclosures of the technology stack used by the company on job boards or other platforms, helping to maintain a secure environment for development and operations.

Inputs Required:

  • domain (string): The primary domain to analyze, which helps in searching relevant data across different online platforms.
  • company_name (string): The name of the company is crucial for keyword searches within documents and logs that might reveal internal processes or sensitive information.

Business Impact: This scanner plays a vital role in safeguarding intellectual property and ensuring compliance with data protection regulations by identifying unauthorized sharing of sensitive materials on public platforms. It helps organizations maintain a secure digital footprint and prevent potential security incidents that could lead to significant financial and reputational damage.

Risk Levels:

  • Critical: Conditions where there is clear evidence of prompt or log sharing without proper authorization, directly exposing company secrets to competitors or malicious actors.
  • High: Situations where internal documents containing proprietary information are found in public repositories on platforms like GitHub, indicating a potential breach of data access controls.
  • Medium: When sensitive configurations or example code snippets related to company projects are discovered within publicly accessible repositories, posing a risk of unauthorized exposure.
  • Low: Informal mentions of breaches or security incidents that do not contain specific details but should be monitored for trends and potential future impacts.
  • Info: General disclosures about technology stack on external platforms which could indicate broader information sharing practices without critical impact on company data security.

If the README doesn’t specify exact risk levels, infer them based on the scanner’s purpose and impact.

Example Findings:

  1. A repository containing internal meeting notes detailing upcoming product launches was mistakenly shared publicly, potentially disclosing future business strategies to competitors.
  2. An LLM interaction log snippet from a public GitHub repository revealed detailed conversations about new software features, which should not be accessible without explicit permission due to its potential impact on development timelines and competitive advantage.

AI Tool Credential Management

Section titled “AI Tool Credential Management”

Purpose: The AI_Tool_Credential_Management Scanner is designed to identify and report potential risks associated with the unauthorized storage of sensitive information such as API keys, sharing of authentication credentials, and weak token management practices across various public data sources. This tool aims to help organizations proactively detect and mitigate security vulnerabilities that could lead to data leakage or compromise.

What It Detects:

  • API Key Storage Detection: Identifies instances where API keys are stored in publicly accessible repositories or codebases, which can be a significant risk as these keys can be misused by malicious actors.
  • Authentication Sharing Identification: Detects the sharing of authentication credentials through public forums and platforms, increasing the likelihood of unauthorized access to sensitive data.
  • Token Security Vulnerabilities: Identifies potential security issues related to token management, such as hard-coded tokens or weak encryption practices, which can lead to unauthorized usage and exposure of sensitive information.
  • Breach Mentions and Security Incidents: Detects mentions of data breaches, security incidents, and other unauthorized access events in public records, indicating a need for immediate attention and improved security measures.
  • Technology Stack Disclosure: Identifies disclosures about the technology stack used by an organization, which can reveal potential vulnerabilities or misconfigurations that might be exploited by attackers.

Inputs Required:

  • domain (string): The primary domain to analyze, such as acme.com, providing the scope of the scan for identifying sensitive information.
  • company_name (string): The company name used for searching related statements and disclosures, helping in pattern matching and data collection from various sources.

Business Impact: This scanner is crucial for any organization handling sensitive API keys, authentication credentials, or digital tokens as it helps in safeguarding critical business information against potential threats. By identifying unauthorized storage and sharing of such credentials, the tool contributes to maintaining a secure environment that protects organizational assets and customer data from cyber threats.

Risk Levels:

  • Critical: Conditions where sensitive API keys are directly exposed in code or stored in unprotected files can lead to immediate unauthorized access and significant data exposure.
  • High: Sharing authentication credentials through public channels increases the risk of credential stuffing attacks, where stolen credentials are used to gain unauthorized access to multiple systems.
  • Medium: Weak token management practices, such as hard-coding tokens in applications, can be exploited by malicious users for various purposes including phishing and data theft.
  • Low: Informational findings about technology stack disclosures might not directly impact security but could indicate areas where best practices are lacking or need improvement.
  • Info: These are less severe risks that provide general insights into the organization’s technical setup but do not pose immediate threats to security.

Example Findings:

  1. An instance of api_key being found in a publicly accessible GitHub repository, which could lead to unauthorized access if misused by third parties.
  2. A mention of “data breach” in the company’s public newsroom section, indicating potential exposure of sensitive customer data and requiring immediate response from IT security teams.