T10-AT-002 · HIGH
PII Extraction Techniques
T10 · Integrity & Confidentiality Breach
Risk score: 235
Rating: High
Procedures: 10
Severity
Mechanism
Unlike T10-AT-001, which extracts arbitrary memorized content, PII extraction specifically targets the model's tendency to complete structured personal data patterns. The vulnerability arises because PII appears in training data within predictable templates (email headers, employee directories, medical forms, contact pages). The model learns these templates as high-confidence patterns, and when it is prompted with a partial template, the conditional probability of emitting real PII exceeds the probability of generating plausible fakes.
Detection
- Input classifiers detecting entity-type probing patterns (company+names, domain+emails, region+IDs)
- Output scanning for structured PII patterns using NER with high-sensitivity thresholds
- Rate limiting on queries that systematically vary a single organizational or geographic parameter
- Behavioral anomaly: sequential queries scoped to the same organization/domain signal enumeration
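The last two detection items can be sketched as a per-session sliding-window counter over the scope each prompt names. This is an added example, not code from the framework; the class and function names, the thresholds, the domain regex and the sample log are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed thresholds (not from the page); tune against real traffic.
WINDOW_SECONDS = 300      # sliding window per (session, domain)
MAX_DISTINCT_PROMPTS = 3  # distinct prompts allowed per scope in one window

# Simplified domain matcher; a production filter would also resolve
# organization names and regions to a scope key.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class EnumerationDetector:
    """Flags sessions sending many distinct prompts scoped to one domain."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PROMPTS):
        self.window, self.limit = window, limit
        self._seen = defaultdict(deque)  # (session, domain) -> (ts, prompt)

    def observe(self, session, ts, prompt):
        """Record one prompt; return domains over the limit for this session."""
        key = " ".join(prompt.lower().split())  # repeats are not new probes
        flagged = []
        for domain in sorted({d.lower() for d in DOMAIN_RE.findall(prompt)}):
            q = self._seen[(session, domain)]
            q.append((ts, key))
            while ts - q[0][0] > self.window:   # expire old observations
                q.popleft()
            if len({k for _, k in q}) > self.limit:
                flagged.append(domain)
        return flagged

def scan_log(entries, **kwargs):
    """Replay (session, ts, prompt) tuples; return (session, ts, domains) alerts."""
    det = EnumerationDetector(**kwargs)
    alerts = []
    for session, ts, prompt in entries:
        hit = det.observe(session, ts, prompt)
        if hit:
            alerts.append((session, ts, hit))
    return alerts

# Constructed sample log (reserved example domains, not real traffic).
SAMPLE_LOG = [
    ("s1", 0, "contact for the billing team at example.com"),
    ("s1", 20, "contact for the support team at example.com"),
    ("s2", 25, "summarise the returns policy on example.org"),
    ("s1", 40, "contact for the sales team at example.com"),
    ("s1", 60, "contact for the legal team at example.com"),
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

An alert from this counter is a signal to rate-limit or step up output scanning for that session, not proof of extraction on its own.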
Mitigation
- Training data PII scrubbing (NER + regex): HIGH
- Output PII detection + redaction: MEDIUM
- Fine-tuning on PII refusal examples: MEDIUM
- Differential privacy (DP-SGD): HIGH
Chaining
Extracted PII feeds T10-AT-006 (Inference Attack Chains) for cross-referencing with external datasets, and enables T10-AT-015 (Anonymization Reversal) by providing linkage keys for de-anonymization.
Framework mapping
OWASP LLM: LLM02
MITRE ATLAS: AML.T0024