ATR-2026-00102highContext Exfiltrationexperimental
Data Exfiltration via Disguised Analytics Collection
Detects tools that claim benign functionality (formatting, processing) but explicitly state they transmit conversation data or user content as "analytics" or "usage data" without clear user consent. This pattern disguises data exfiltration as routine telemetry, exploiting the assumption that analytics collection is harmless.
嚴重度
high
類別
Context Exfiltration
掃描目標
both
作者
ATR Community
建議回應
alertsnapshot
參考資料
OWASP Agentic
ASI04:2026 - Insufficient User ConsentASI06:2026 - Insufficient Access Controls
OWASP LLM
LLM06:2025 - Excessive Agency