T10-AT-015 · HIGH
Anonymization Reversal
T10 · Integrity & Confidentiality Breach
Risk score: 225
Rating: High
Procedures: 10
Severity
Mechanism
Anonymization reversal de-anonymizes data supposedly made safe through k-anonymity, l-diversity, t-closeness, pseudonymization, or generalization. The fundamental vulnerability is that anonymization assumes a static threat model — a fixed amount of auxiliary information available to the attacker. In practice, attackers accumulate auxiliary data over time from breaches, public records, social media, and other model outputs.
Detection
- Re-identification risk scoring: proactively test anonymized datasets against known auxiliary sources
- Query pattern analysis: detect systematic probing correlating anonymized data with quasi-identifiers
- Multi-attribute query monitoring for de-anonymization-typical combinations
- Behavioral anomaly: sequential queries systematically narrowing an anonymity set
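
The last detection item can be sketched as a log check. This is an added example, not code from the original page; the log fields (`session`, `ts`, `filters`, `rows`), the quasi-identifier column names, and both thresholds are assumptions to adapt to the real schema.

```python
from collections import defaultdict

# Assumed quasi-identifier columns and thresholds (hypothetical, tune per dataset).
QUASI_IDENTIFIERS = {"zip", "birth_year", "sex", "occupation"}
K_THRESHOLD = 5   # result sets smaller than this count as re-identifying
MIN_CHAIN = 3     # consecutive narrowing steps required before alerting

def detect_narrowing(query_log, k=K_THRESHOLD, min_chain=MIN_CHAIN):
    """Flag sessions whose consecutive queries keep adding quasi-identifier
    filters while the result set shrinks, ending below k rows."""
    by_session = defaultdict(list)
    for entry in sorted(query_log, key=lambda e: e["ts"]):
        by_session[entry["session"]].append(entry)

    alerts = []
    for session, entries in by_session.items():
        chain = []  # list of (quasi-identifier filter set, row count)
        for e in entries:
            qi = frozenset(e["filters"]) & QUASI_IDENTIFIERS
            # A narrowing step: strict superset of the previous filters, fewer rows.
            if chain and qi > chain[-1][0] and e["rows"] < chain[-1][1]:
                chain.append((qi, e["rows"]))
            else:
                # Unrelated query: restart the chain (ignore non-QI queries).
                chain = [(qi, e["rows"])] if qi else []
            if len(chain) >= min_chain and e["rows"] < k:
                alerts.append({"session": session, "ts": e["ts"],
                               "filters": sorted(qi), "rows": e["rows"],
                               "steps": len(chain)})
                break  # one alert per session is enough for triage
    return alerts

# Constructed sample log: s1 narrows step by step, s2 issues unrelated queries.
SAMPLE_LOG = [
    {"session": "s1", "ts": 1, "filters": ["zip"], "rows": 4200},
    {"session": "s1", "ts": 2, "filters": ["zip", "birth_year"], "rows": 61},
    {"session": "s1", "ts": 3, "filters": ["zip", "birth_year", "sex"], "rows": 2},
    {"session": "s2", "ts": 1, "filters": ["zip"], "rows": 4200},
    {"session": "s2", "ts": 2, "filters": ["diagnosis"], "rows": 900},
    {"session": "s2", "ts": 3, "filters": ["zip", "sex"], "rows": 2100},
]

if __name__ == "__main__":
    for alert in detect_narrowing(SAMPLE_LOG):
        print(alert)
```

Only strictly consecutive narrowing is tracked here; queries interleaved with unrelated ones reset the chain, so a production rule would also need a per-session sliding window.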
Mitigation
- Differential privacy (formal guarantee): HIGH
- k-Anonymity + l-Diversity + t-Closeness (layered): MEDIUM
- Synthetic data generation: HIGH
- Data minimization: HIGH
Chaining
De-anonymization transforms "safe" datasets into PII-rich sources feeding all T10 extraction and inference techniques. In the LLM context, de-anonymized training data enables T10-AT-001 (Training Data Extraction) to target specific individuals.
Framework mapping
OWASP LLM: LLM02
MITRE ATLAS: AML.T0024.000