incident-response-trainer
Incident response training · Rule-based scoring
DemoCatalogHistoryDashboard
← Back to catalog
CybersecurityeasyShadow AI Sensitive-Data ExposureHigh asset
Scenario

DLP flagged customer records pasted into an unsanctioned public AI chatbot

A easy Cybersecurity scenario on Shadow AI Sensitive-Data Exposure.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 6 templates in this Track + Difficulty pool.

catalog id · shadow-ai-sensitive-data-exposure

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Shadow-AI data-exposure triage
  • Scope-before-notify discipline for third-party data leaks
MITRE ATT&CKmitre-attack
  • Exfiltration Over Web Service · ExfiltrationT1567 · TA0010
    PartialMedium confidence

    Trains reasoning about sensitive data leaving to a public web AI service.

MITRE D3FENDmitre-d3fend
  • Network Traffic AnalysisD3-NTA
    MappedHigh confidence

    Trains use of DLP and web-proxy telemetry to scope the exposure.

  • User Account PermissionsD3-UAP
    MappedMedium confidence

    Trains restricting the unsanctioned-tool usage that caused the leak.

NIST CSF 2.0nist-csf-2
  • Continuous Monitoring · DetectDE.CM · DE
    MappedHigh confidence

    Trains detection from DLP and web-proxy telemetry.

  • Data Security · ProtectPR.DS · PR
    MappedMedium confidence

    Trains data-handling controls for sensitive records.

NIST SP 800-61r3nist-sp-800-61r3
  • IR lifecycle phaseDetection & Analysis
    MappedHigh confidence

    Trains scoping exactly what data was exposed before notifying.

  • IR lifecycle phaseContainment, Eradication & Recovery
    MappedHigh confidence

    Trains containment via category blocking and vendor deletion requests.

CISA Cybersecurity Performance Goalscisa-cpg
  • Vendor/Supplier Cybersecurity Requirements2.R
    MappedMedium confidence

    Trains governance of an unsanctioned third-party AI tool.

  • Detecting Relevant Threats and TTPs3.A
    MappedMedium confidence

    Trains detection of unsanctioned data egress to GenAI services.

CIS Controls v8cis-controls
  • Data ProtectionControl 3
    MappedHigh confidence

    Trains the data-protection control the scenario exercises.

  • Security Awareness and Skills TrainingControl 14
    MappedMedium confidence

    Trains the awareness baseline that reduces shadow-AI pastes.