Medium | CWE-359 | OWASP LLM02:2025

Excessive AI Context

Your app sends entire database records, config files, or secrets as context to an AI model, exposing far more data than the task requires.

How It Works

Bigger context windows make it tempting to just dump everything into the prompt. But sending full database rows, environment variables, or internal configs to an external AI API means that data leaves your infrastructure entirely. Even if the provider is trustworthy today, you're creating unnecessary data exposure risk and likely violating your own privacy policy.

Vulnerable Code

// BAD: sending entire config and DB record as AI context
const config = require('./config.json'); // contains DB_URL, API_KEYS...
const userRecord = await db.findOne({ id: userId }); // full row with PII
const prompt = `Context: ${JSON.stringify(config)} User: ${JSON.stringify(userRecord)}\nQuestion: ${question}`;

Secure Code

// GOOD: extract only the specific fields needed
const relevantData = {
  userName: userRecord.display_name, // no email, no PII
  plan: userRecord.plan,
  createdAt: userRecord.created_at
};
const prompt = `User context: ${JSON.stringify(relevantData)}\nQuestion: ${question}`;

Real-World Example

A startup building an AI coding assistant was found to be sending entire .env files and package.json configs as context to their model. This was discovered during a security audit — their users' API keys and database URLs were flowing to a third-party AI provider.

How to Prevent It

  • Apply the principle of least privilege to AI context: only include fields the model needs for the specific task
  • Never include environment variables, config files, or secrets in AI context
  • Create a dedicated 'AI-safe' view or DTO that strips sensitive fields before sending to any model
  • Review token usage — bloated prompts are often a sign of over-sharing data
  • Document what data you send to external AI APIs in your privacy policy and data map
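
One way to implement the 'AI-safe' DTO from the list above, as an added example that is not part of the original page: a per-task allowlist that fails closed for unknown tasks, refuses values that look like credentials, and enforces a size budget. The task names, field names, secret patterns, budget and sample record are assumptions constructed for illustration.

```javascript
// Added example (not from the original page). Task names, field names and the
// sample record are constructed for illustration.
const AI_CONTEXT_ALLOWLIST = new Map([
  ['billing_question', ['display_name', 'plan', 'created_at']],
  ['onboarding_help', ['display_name', 'plan']],
]);

// Defense in depth: a value that looks like a credential is refused even when
// it sits in an allowlisted field (e.g. a secret pasted into a display name).
const SECRET_PATTERNS = [
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/,
  /\b[a-z][a-z0-9+.-]*:\/\/[^\s\/:@]+:[^\s\/@]+@/i, // URL with user:password@
  /\b(?:api[_-]?key|secret|token|password)\s*[=:]\s*\S+/i,
];
const MAX_CONTEXT_CHARS = 500; // crude budget: bloated context signals over-sharing
function looksLikeSecret(value) {
  return SECRET_PATTERNS.some((re) => re.test(String(value)));
}

// Returns the DTO to send plus the names (never values) of withheld fields,
// which can feed an audit log or data map.
function buildAiContext(task, record) {
  const allowed = AI_CONTEXT_ALLOWLIST.get(task);
  if (!allowed) throw new Error(`no AI context allowlist for task "${task}"`);
  const dto = {};
  for (const field of allowed) {
    if (!Object.prototype.hasOwnProperty.call(record, field)) continue;
    const value = record[field];
    if (value !== null && typeof value === 'object' && !(value instanceof Date)) {
      throw new Error(`field "${field}" is nested; allowlist scalar fields only`);
    }
    if (looksLikeSecret(value)) throw new Error(`field "${field}" looks like a secret`);
    dto[field] = value;
  }
  if (JSON.stringify(dto).length > MAX_CONTEXT_CHARS) throw new Error('AI context exceeds size budget');
  const withheld = Object.keys(record).filter((k) => !allowed.includes(k));
  return { dto, withheld };
}

function buildPrompt(task, record, question) {
  const { dto } = buildAiContext(task, record);
  return `User context: ${JSON.stringify(dto)}\nQuestion: ${question}`;
}

const sampleRecord = { // constructed
  id: 42, display_name: 'Dana', email: 'dana@example.com', plan: 'pro',
  created_at: '2024-03-01', notes: 'DB_URL=postgres://app:hunter2@db.internal/prod',
};
console.log(buildPrompt('billing_question', sampleRecord, 'When does my plan renew?'));
```

Log the `withheld` field names per request to keep the data map current without recording any values.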

Affected Technologies

Node.js, Python

Data Hogo detects this vulnerability automatically.
