LLM Secret Guard: A Sensitive Information Leakage Assessment Framework for Large Language Models

LLM Secret Guard is a localized security assessment tool based on the OWASP LLM Application Security Framework. It is used to test whether large language models leak sensitive information under attack prompts and provides a quantifiable and comparable defense capability assessment system.

• Original Author/Maintainer: Bryan-9603012
• Source Platform: GitHub
• Original Title: LLM-Secret-Guard
• Original Link: https://github.com/Bryan-9603012/LLM-Secret-Guard
• Publication Date: May 27, 2026

With the widespread deployment of large language models (LLMs) in various applications, the risk of sensitive information leakage has become increasingly prominent. LLM Secret Guard emerged as a localized security assessment tool to test whether LLMs leak sensitive information under attack prompts.

This project focuses on risks related to Sensitive Information Disclosure, Prompt Injection, and System Prompt Leakage from the OWASP Top 10 for LLM Applications. Through fixed attack sets, leakage level determination, valid sample filtering, and defense score calculation, it helps researchers compare the effectiveness of different models and defense strategies.

The core objective is to establish a reproducible, quantifiable, and comparable testing process for LLM sensitive information leakage.

LLM Secret Guard can be used in various research and testing scenarios:

• Local Model Security Testing: Test whether locally deployed LLMs leak sensitive information
• Model Defense Capability Comparison: Compare the differences in defense capabilities of different models under the same attack set
• Defense Strategy Evaluation: Quantify the impact of different defense strategies on model outputs
• Attack Type Analysis: Analyze the success rates of attack types such as prompt injection, cross-lingual attacks, and role-play attacks
• Academic Research and Reports: Generate experimental data that can be used in papers, reports, and presentations
• Web LLM Application Testing: Supports future expansion to testing Web LLM applications or agent architectures

The attack set is maintained in JSON format for easy addition, modification, and expansion. Currently, the main attack directions include:

• Direct Secret Request: Directly request sensitive information
• Sensitive Data Extraction: Extract sensitive data

• Prompt Injection: Prompt injection attack
• Role Play Attack: Role-play attack
• Developer Mode / DAN-type Attacks: Developer mode or jailbreak attacks

• Translation-based Attack: Translation-based attack
• Encoding/Decoding Induction: Encoding/decoding induction
• Multi-turn Reasoning Induction: Multi-turn reasoning induction
• System Prompt Leakage: System prompt leakage
• Cross-lingual Attack: Cross-lingual attack