Findings
Base64-encoded content detected in AI logs
Updated: June 19, 2025
Description
Base64-encoded data has been found in AI logs.
Although Base64 itself is not harmful, its presence may hide sensitive or unexpected information, such as secrets, tokens, or entire documents, that bypasses regular log filters or monitoring tools.
Base64 content in logs may indicate attempts to obfuscate data, misuse of the system, or improper data handling. It can also lead to compliance issues if sensitive content is being stored without proper controls.
Example Attack
An internal user sends a prompt to an AI model containing a Base64-encoded file for processing. The full encoded string is logged by the system. Later, security teams discover that the string decodes to a PDF with customer financial data, unintentionally exposing confidential information in the logs. This creates both a security risk and a compliance violation.
Remediation
Review the AI logs to understand what content is being encoded and why. If Base64 data is not expected, update input validation and logging rules to detect and block encoded payloads. Inspect the source of this data and ensure sensitive content like API keys, credentials, or files is not being transmitted or logged in this format.
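One way to implement the detection and redaction step described above, as an added example that is not part of the original page or any product's own code: it finds Base64 runs in log lines, confirms that they decode, labels the decoded content by its leading bytes, and replaces the run with a marker. The log format, the 40-character threshold, the file-type list and the function names are assumptions, and the sample lines are constructed.

```python
import base64
import binascii
import re

# Runs of 40+ Base64 characters (standard or URL-safe alphabet) plus padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{40,}={0,2}")
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")

# Leading bytes of a few file types worth flagging (assumed, not exhaustive).
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"\x89PNG": "png"}

def classify(token):
    """Return a label for what the token decodes to, or None if not Base64."""
    if HEX_ONLY.fullmatch(token):
        return None  # hashes and request IDs also fit the Base64 alphabet
    s = token.rstrip("=").replace("-", "+").replace("_", "/")
    if len(s) % 4 == 1:
        return None  # impossible length for Base64
    try:
        data = base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return "text" if printable / len(data) > 0.95 else "binary"

def scan_line(line):
    """Return (redacted_line, findings) for one log line."""
    findings = []
    def redact(match):
        token = match.group(0)
        label = classify(token)
        if label is None:
            return token
        findings.append((label, len(token)))
        return f"[REDACTED base64 {label} len={len(token)}]"
    return B64_RUN.sub(redact, line), findings

# Constructed sample log lines (not taken from any real system).
PDF_B64 = base64.b64encode(b"%PDF-1.7\n" + b"constructed sample body " * 3).decode()
SAMPLE_LOG = [
    'ts=2025-06-19T10:00:00Z user=alice prompt="Summarise our Q2 roadmap"',
    f'ts=2025-06-19T10:01:00Z user=bob prompt="Process this file: {PDF_B64}"',
    "ts=2025-06-19T10:02:00Z request_id=" + "0123456789abcdef" * 4,
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry))
```

Long alphanumeric identifiers that are not hex can still decode as Base64 and be labelled "binary", so treat that label as a prompt for review and tune the threshold against real log samples.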