LEAK.

18 prompt-injection attempts logged across 6 LLM-backed surfaces. 4 successfully exfiltrated the system prompt. 1 surface returned PII from training data on adversarial query.

The system prompt isn't a secret. The data behind it shouldn't be either.

PL-009 · support-chatbot PII LEAK

Returned 3 names + emails on direct adversarial extraction.

Strip PII from training set, add output filter, redeploy.