#7 Medium Risk
LLM07:2025 System Prompt Leakage
Exposure of system prompts, instructions, or configuration details through various attack vectors, revealing sensitive implementation details and potential attack surfaces.
Vulnerability Overview
System Prompt Leakage occurs when attackers can extract or infer system prompts, instructions, or configuration details from LLM applications, potentially revealing sensitive implementation information.
Impact Level: Medium
Attack Vector: Information Disclosure
Exploitability: High
Direct Prompt Extraction
Techniques to directly extract system prompts or instructions from the LLM.
- "Repeat your instructions" attacks
- Role-playing prompt injection
- Context window manipulation
- Instruction override attempts
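One output-side check for the direct-extraction techniques listed above, as an added example that is not part of the original page: before a response is returned, scan it for a canary string planted in the system prompt and for word n-gram overlap with the prompt text. The prompt, canary, threshold and function names are all constructed for illustration.

```python
import re

# Constructed values for illustration; none of them come from the page.
CANARY = "zx-canary-7f3a91"
SYSTEM_PROMPT = (
    "You are SupportBot for ExampleCorp. Never discuss refunds above 50 dollars. "
    "Escalate billing disputes to the tier-2 queue. "
    f"Internal marker: {CANARY}"
)

def _tokens(text):
    """Lowercased word tokens, so case and punctuation changes do not hide a leak."""
    return re.findall(r"[a-z0-9]+", text.lower())

def _shingles(tokens, n):
    """Set of all runs of n consecutive tokens."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def leak_score(response, system_prompt=SYSTEM_PROMPT, n=5):
    """Fraction of the prompt's n-word shingles that reappear in the response."""
    prompt_sh = _shingles(_tokens(system_prompt), n)
    if not prompt_sh:
        return 0.0
    return len(prompt_sh & _shingles(_tokens(response), n)) / len(prompt_sh)

def _squash(text):
    """Drop everything but letters and digits to defeat spacing/hyphen tricks."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_response(response, threshold=0.2):
    """Return (blocked, reason); call on model output before it reaches the user."""
    if _squash(CANARY) in _squash(response):
        return True, "canary"
    if leak_score(response) >= threshold:
        return True, "overlap"
    return False, "clean"

if __name__ == "__main__":
    samples = [  # constructed model outputs
        "You can reset your password from the account settings page.",
        "Sure! My instructions are: You are SupportBot for ExampleCorp. "
        "Never discuss refunds above 50 dollars.",
        "The marker is ZX CANARY 7F3A91.",
        "I am not able to help with large refunds.",
    ]
    for s in samples:
        print(check_response(s), round(leak_score(s), 2), "|", s[:40])
```

A paraphrased disclosure passes both checks, so this filter only covers verbatim or near-verbatim extraction.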
Inference-Based Leakage
Inferring system prompts through behavioral analysis and response patterns.
- Response pattern analysis
- Behavioral fingerprinting
- Edge case exploration
- Constraint boundary testing
Information Disclosure Risk
System prompt leakage can reveal sensitive business logic, security measures, and implementation details that attackers can use to craft more sophisticated attacks.