T5-AT-011 · MEDIUM
Error Message Mining
T5 · Model & API Exploitation
Risk score: 165
Rating: Medium
Procedures: 10
Severity
Mechanism
LLM API error responses are generated by multiple layers — the model itself, the inference framework, the API gateway, the safety classifier, and the orchestration layer. The design assumption is that error messages provide enough information for debugging without leaking sensitive internal details. The gap: each layer produces error messages independently, and their composition reveals implementation details.
Detection
- Monitor for systematic error-probing patterns: many 4xx/5xx responses from a single source
- Alert on requests designed to trigger errors (null models, extreme parameters, malformed JSON)
- Detect sequential boundary-probing patterns (incrementing token lengths, varying payload structures)
- Log and flag path traversal patterns in model name fields
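The detection rules above, combined into one pass over gateway logs. This is an added example, not code from the original page; the record layout, thresholds, signal names and the model name "chat-large" are assumptions, and the log records are constructed.

```python
import re
from collections import defaultdict

# Constructed gateway log records (not real traffic): (source, status, model, max_tokens).
SAMPLE = [
    ("203.0.113.7", 400, None, 4096),
    ("203.0.113.7", 400, "../../models/x", 8192),
    ("203.0.113.7", 422, "chat-large", 16384),
    ("203.0.113.7", 400, "chat-large", 32768),
    ("203.0.113.7", 500, "chat-large", 65536),
    ("198.51.100.20", 200, "chat-large", 256),
    ("198.51.100.20", 200, "chat-large", 512),
    ("198.51.100.20", 429, "chat-large", 256),
    ("198.51.100.20", 200, "chat-large", 128),
    ("198.51.100.20", 200, "chat-large", 256),
]

# Path traversal markers in the model name field (plain and URL-encoded).
TRAVERSAL = re.compile(r"\.\.[/\\]|%2e%2e", re.IGNORECASE)

def analyze(records, min_requests=5, error_ratio=0.6, min_run=4):
    """Return {source: sorted signal names} for sources matching a probing pattern."""
    by_src = defaultdict(list)
    for src, status, model, max_tokens in records:
        by_src[src].append((status, model, max_tokens))
    findings = {}
    for src, recs in by_src.items():
        signals = set()
        errors = [r for r in recs if r[0] >= 400]
        # Many 4xx/5xx responses from a single source.
        if len(recs) >= min_requests and len(errors) / len(recs) >= error_ratio:
            signals.add("error_burst")
        # Requests built to trigger errors: null or empty model name.
        if any(not model for _, model, _ in recs):
            signals.add("null_model")
        if any(isinstance(m, str) and TRAVERSAL.search(m) for _, m, _ in recs):
            signals.add("model_path_traversal")
        # Sequential boundary probing: longest strictly increasing max_tokens run.
        vals = [t for _, _, t in recs if isinstance(t, int)]
        run = best = 1
        for a, b in zip(vals, vals[1:]):
            run = run + 1 if b > a else 1
            best = max(best, run)
        if best >= min_run:
            signals.add("boundary_probe")
        if signals:
            findings[src] = sorted(signals)
    return findings
```

The thresholds are starting points; tune `error_ratio` and `min_run` against a baseline of normal client traffic before alerting on them.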
Mitigation
- Standardized generic error messages (no internal details) · HIGH
- Error message scrubbing (strip paths, versions, stack traces) · HIGH
- Rate-limit error responses (slower response to repeated errors) · MEDIUM
- Separate debug/verbose errors behind admin authentication · HIGH
Chaining
Error message mining is the reconnaissance technique that feeds all other T5 techniques. Framework identification feeds T5-AT-006 (API Endpoint Abuse with known endpoint patterns).
Framework mapping
OWASP LLM: LLM06
MITRE ATLAS: AML.T0001