Risk Confluence
Exfiltration Confluence
Exfiltration confluence is present when an agent possesses the combination of capabilities required to read sensitive data and transmit it to unauthorized external recipients.
Condition definition
Exfiltration confluence requires three capabilities in combination.
The first capability is access to data classified as restricted, confidential, or higher. The agent can read information that would cause harm if disclosed to unauthorized parties.
The second capability is the ability to process external content. The agent accepts input from sources outside organizational control, including user inputs, web content, API responses, or uploaded documents.
The third capability is the ability to transmit data to external destinations. The agent can send information outside organizational boundaries through email, webhooks, API requests, or file uploads.
Detection requirements
Systems shall evaluate agent capability sets against the exfiltration confluence condition. Evaluation occurs when capabilities are granted and continuously during operation.
Detection at grant time identifies confluence when a new capability creates the combination. Continuous detection identifies confluence that emerges through capability accumulation.
Response controls
When exfiltration confluence is detected, systems shall require human approval for any transmission containing data from restricted sources.
Alternative response controls may apply when human approval is operationally infeasible, including enhanced monitoring, mandatory output sanitization, or capability restriction.
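The following sketch is an added example, not part of the original specification: it evaluates capability sets against the three-part condition at grant time and in a periodic sweep, then applies the human-approval control to transmissions. The grant names, the `restricted` source label, and the `allow` / `hold_for_approval` decision strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Flag, auto

class Cap(Flag):
    NONE = 0
    SENSITIVE_READ = auto()      # reads restricted/confidential-or-higher data
    EXTERNAL_INPUT = auto()      # processes content from outside org control
    EXTERNAL_TRANSMIT = auto()   # sends data outside org boundaries

CONFLUENCE = Cap.SENSITIVE_READ | Cap.EXTERNAL_INPUT | Cap.EXTERNAL_TRANSMIT

# Hypothetical grant names mapped to the capability classes they confer.
GRANT_CLASSES = {
    "hr.read_restricted": Cap.SENSITIVE_READ,
    "docs.upload_ingest": Cap.EXTERNAL_INPUT,
    "email.send": Cap.EXTERNAL_TRANSMIT,
    "calendar.read": Cap.NONE,
}

@dataclass
class Agent:
    name: str
    grants: set = field(default_factory=set)

    def in_confluence(self) -> bool:
        held = Cap.NONE
        for g in self.grants:
            held |= GRANT_CLASSES[g]  # unclassified grant raises KeyError
        return (held & CONFLUENCE) == CONFLUENCE

def grant(agent: Agent, capability: str) -> bool:
    """Grant-time check: True when this grant creates the combination."""
    if capability not in GRANT_CLASSES:
        raise ValueError(f"unclassified capability: {capability}")
    before = agent.in_confluence()
    agent.grants.add(capability)
    return agent.in_confluence() and not before

def sweep(agents) -> list:
    """Continuous check: re-evaluate every agent, however its grants accumulated."""
    return [a.name for a in agents if a.in_confluence()]

def authorize_transmission(agent: Agent, source_labels: set,
                           human_approved: bool = False) -> str:
    """Response control: hold restricted-source data for human approval."""
    if agent.in_confluence() and "restricted" in source_labels and not human_approved:
        return "hold_for_approval"
    return "allow"
```

The sweep catches an agent whose grant set was changed outside `grant()`, which is the accumulation case that grant-time evaluation alone misses.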