# LLM Sensitive Information Disclosure

- ID: python-llm-sensitive-info-disclosure
- Severity: HIGH
- CWE: Information Exposure (CWE-200)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects potential sensitive information disclosure in AI/LLM implementations (OWASP Top 10 for LLM Applications, LLM06: Sensitive Information Disclosure).

Sensitive information can be leaked through:

- PII (Personally Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data

## Detection Message

Potential sensitive information disclosure: {issue_type}

## Remediation

Use Presidio to detect and anonymize PII before the text is sent to an LLM API. Run the anonymizer on every piece of user-supplied or record-derived text that becomes part of a prompt, and send only the anonymized result.

```python
from presidio_analyzer import AnalyzerEngine
from presidio_anonymizer import AnonymizerEngine

# Presidio's default English recognizers need a spaCy model (for example
# en_core_web_lg) installed alongside presidio-analyzer.
analyzer = AnalyzerEngine()
anonymizer = AnonymizerEngine()


def anonymize_text(text: str) -> str:
    # Detect entities (PERSON, EMAIL_ADDRESS, PHONE_NUMBER, ...) and replace
    # each with a placeholder such as <EMAIL_ADDRESS> before the text leaves
    # the process. The default anonymizer operator is "replace".
    results = analyzer.analyze(text=text, language='en')
    return anonymizer.anonymize(text=text, analyzer_results=results).text


# user_message: the raw text received from the end user (supplied by the caller)
safe_message = anonymize_text(user_message)
```

Anonymizing PII does not address the other leak paths listed above. Credentials and secrets should never be interpolated into prompts or system messages at all; load them from configuration where the API client needs them and treat their presence in prompt text as a bug. Send only the minimum business data the task requires to a third-party API, and log the anonymized text rather than the raw conversation.

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-sensitive-info-disclosure

## Related Rules

- **Environment Variable Secret Exposure** [HIGH]
- **LLM Model Theft** [HIGH]
- **Sensitive Field Exposure in API Response** [CRITICAL]
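The Presidio remediation above covers PII but says nothing about credentials in prompts or about logging. The block below is an added example, not code from the page or from the rule's author, showing the complete pre-send control in one self-contained guard: a narrow regex-based detector that stands in for Presidio's NER-based analyzer (a real deployment should keep Presidio for PII recognition), reversible placeholders so the model's reply can be rehydrated locally after it returns, a hard stop when a credential is found in prompt text, and a log-record builder that stores only the redacted text. The function names (`redact`, `restore`, `safe_log_record`, `SecretInPromptError`), the patterns and the sample strings are all assumptions made for this example; none of them are from the page.

```python
"""Pre-send redaction guard for LLM prompts (added example; regex stand-in for Presidio)."""
import re
from dataclasses import dataclass, field

# Entity patterns. Constructed for this example and deliberately narrow; they are a
# lightweight stand-in for an NER-based analyzer such as Presidio, not a replacement.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}
SECRET_PATTERNS = {
    "AWS_ACCESS_KEY": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "BEARER_TOKEN": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{16,}=*"),
    "KEY_VALUE_SECRET": re.compile(
        r"(?i)\b(?:password|passwd|api[_-]?key|secret|token)\s*[=:]\s*\S+"
    ),
}


class SecretInPromptError(ValueError):
    """Raised when a credential is found in text bound for an LLM API."""


@dataclass
class Redaction:
    text: str
    pii: dict = field(default_factory=dict)      # placeholder -> original value, kept locally
    secrets: list = field(default_factory=list)  # secret entity types that were stripped


def _placeholder_for(result: Redaction, counters: dict, label: str, value: str) -> str:
    """Return the placeholder for value, reusing it if the same value was seen before."""
    for key, seen in result.pii.items():
        if seen == value:
            return key
    counters[label] = counters.get(label, 0) + 1
    key = f"<{label}_{counters[label]}>"
    result.pii[key] = value
    return key


def redact(text: str, strict: bool = True) -> Redaction:
    """Replace PII with reversible placeholders and strip credentials outright.

    Secrets are never stored in the mapping: there is no legitimate reason to
    re-insert a password into a model response. With strict=True a credential in
    the prompt aborts the call so the bug upstream gets fixed instead of masked.
    """
    result = Redaction(text=text)
    for label, pattern in SECRET_PATTERNS.items():
        if pattern.search(result.text):
            result.secrets.append(label)
            result.text = pattern.sub(f"<{label}_REDACTED>", result.text)
    if strict and result.secrets:
        raise SecretInPromptError(f"credential(s) in prompt text: {result.secrets}")
    counters: dict = {}
    for label, pattern in PII_PATTERNS.items():
        result.text = pattern.sub(
            lambda m, label=label: _placeholder_for(result, counters, label, m.group(0)),
            result.text,
        )
    return result


def restore(text: str, mapping: dict) -> str:
    """Re-insert PII into the model's reply locally, after the reply has come back."""
    for key, value in mapping.items():
        text = text.replace(key, value)
    return text


def safe_log_record(role: str, text: str) -> dict:
    """Build a conversation log entry that carries neither raw PII nor credentials."""
    r = redact(text, strict=False)
    return {"role": role, "text": r.text, "secrets_found": r.secrets, "chars": len(text)}


if __name__ == "__main__":
    # Constructed sample input; no real customer data.
    prompt = ("Customer jane.doe@example.com (SSN 123-45-6789) asked about her order; "
              "call 555-123-4567.")
    r = redact(prompt)
    print(r.text)   # what actually leaves the process
    print(r.pii)    # kept locally, never sent
    reply = "Sure, I will email <EMAIL_1> today."  # stands in for the model's response
    print(restore(reply, r.pii))
    print(safe_log_record("user", prompt))
```

The design point is the asymmetry between the two entity classes: PII gets a placeholder and a local mapping because the model may legitimately need to refer back to "the customer", whereas a credential gets no mapping and, by default, stops the request, since a prompt that contains one indicates a code path that should not exist.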