Findings
No output scanning
Updated: June 19, 2025
Description
The AI model does not scan its output for known-bad signatures of malicious or dangerous content.
This lack of output filtering increases the risk of generating harmful responses, including spam, phishing attempts, or malware signatures, which could be exploited by bad actors.
If the model generates and outputs malicious content unchecked, it could inadvertently facilitate cyberattacks. Attackers could leverage this weakness to distribute phishing emails, generate malware payloads, or propagate spam, leading to security breaches, reputational harm, or regulatory violations.
Remediation
Implement scanning mechanisms that detect and block known-bad signatures of viruses, spam, and phishing attempts in AI-generated output.
Security Frameworks
Improper Output Handling refers specifically to insufficient validation, sanitization, and handling of the outputs generated by large language models before they are passed downstream to other components and systems. Since LLM-generated content can be controlled by prompt input, this behavior is similar to providing users indirect access to additional functionality.
Adversaries may abuse their access to a victim system and use its resources or capabilities to further their goals by causing harms external to that system. These harms could affect the organization (e.g. Financial Harm, Reputational Harm), its users (e.g. User Harm), or the general public (e.g. Societal Harm).
Reputational harm involves a degradation of public perception and trust in organizations. Examples of reputation-harming incidents include scandals or false impersonations.
Societal harms might generate harmful outcomes that reach either the general public or specific vulnerable groups such as the exposure of children to vulgar content.
User harms may encompass a variety of harm types including financial and reputational that are directed at or felt by individual victims of the attack rather than at the organization level.