Detection Library
high · experimental · Linux · AI/ML · T1048

LLM Service Copying Prompt Templates To Temp Or Public Path

Detects file copy or move operations targeting system prompt or guardrail files as sources, with destinations in temporary or web-accessible directories. This indicates staged exfiltration of confidential prompt material.

Updated Jan 15, 2025 · Detection Engineering Team

llm · system-prompt-leakage · linux · exfiltration · owasp-llm07

Problem Statement

Copying confidential prompt material to staging or public web paths is the first step of a two-stage exfiltration. This detection catches the staging phase before the data leaves the host.

Sample Logs

{"timestamp":"2025-01-15T20:05:33Z","computer_name":"llm-host-01","user":"llm_svc","image":"/bin/cp","command_line":"cp /opt/llm/config/system_prompt.txt /tmp/exfil_prompt.txt"}
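The detection logic described above, run over the sample log plus a few constructed variants, as an added example that is not part of the detection library itself; the prompt-path markers, staging/web prefixes and copy-tool list are assumptions for this example and would be tuned per deployment:

```python
import json
import shlex

# Assumed for this example: path markers for prompt material, staging/web prefixes, copy tools.
PROMPT_SOURCE_MARKERS = ("system_prompt", "guardrail")
STAGING_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/var/www/", "/srv/http/")
COPY_TOOLS = {"cp", "mv", "install", "rsync"}

# Constructed sample events: the page's sample log first, then variants (the last two must not alert).
SAMPLE_LINES = [
    '{"timestamp":"2025-01-15T20:05:33Z","computer_name":"llm-host-01","user":"llm_svc",'
    '"image":"/bin/cp","command_line":"cp /opt/llm/config/system_prompt.txt /tmp/exfil_prompt.txt"}',
    '{"timestamp":"2025-01-15T20:06:10Z","computer_name":"llm-host-01","user":"llm_svc",'
    '"image":"/usr/bin/mv","command_line":"mv -f /opt/llm/config/guardrails.yaml /var/www/html/g.yaml"}',
    '{"timestamp":"2025-01-15T20:07:02Z","computer_name":"llm-host-01","user":"deploy",'
    '"image":"/bin/cp","command_line":"cp /opt/llm/config/system_prompt.txt /opt/llm/backup/"}',
    '{"timestamp":"2025-01-15T20:08:45Z","computer_name":"llm-host-01","user":"llm_svc",'
    '"image":"/bin/cp","command_line":"cp /etc/hosts /tmp/hosts.bak"}',
]


def is_prompt_staging(event):
    """True when a copy/move tool reads prompt or guardrail files and writes to a staging or web path."""
    tool = event.get("image", "").rsplit("/", 1)[-1]
    if tool not in COPY_TOOLS:
        return False
    try:
        argv = shlex.split(event.get("command_line", ""))
    except ValueError:  # unbalanced quotes: operands cannot be recovered
        return False
    # Drop the tool name and option flags; remaining operands are sources then destination.
    operands = [a for a in argv[1:] if not a.startswith("-")]
    if len(operands) < 2:
        return False
    sources, dest = operands[:-1], operands[-1]
    source_hit = any(m in s.lower() for s in sources for m in PROMPT_SOURCE_MARKERS)
    return source_hit and dest.startswith(STAGING_PREFIXES)


def scan(lines):
    """Parse JSON event lines and return (host, user, command_line) for each match; skip bad JSON."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_prompt_staging(event):
            hits.append((event["computer_name"], event["user"], event["command_line"]))
    return hits
```

The backup-path copy on the third line is the approved-deployment case from the False Positives section: it is excluded by destination rather than by source, so tuning belongs in the prefix list.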

Required Fields

image
command_line
user
computer_name

False Positives

  • Approved deployment scripts that distribute prompt templates across hosts

Tuning Guidance

Cross-reference with subsequent outbound network connections from the same host to identify the full exfiltration chain.