Base64-encoded content detected in AI logs

firetail:insight-b64-encoded-content-in-ai-logs

Type:

Detection

Rule Severity:

Medium

Base64-encoded data has been found in AI logs.

Base64 itself is not harmful, its presence may hide sensitive or unexpected information—such as secrets, tokens, or entire documents—that bypasses regular log filters or monitoring tools.

Base64 content in logs may indicate attempts to obfuscate data, misuse of the system, or improper data handling. It can also lead to compliance issues if sensitive content is being stored without proper controls.

Remediation

Review the AI logs to understand what content is being encoded and why. If Base64 data is not expected, update input validation and logging rules to detect and block encoded payloads. Inspect the source of this data and ensure sensitive content like API keys, credentials, or files is not being transmitted or logged in this format.

Example Attack Scenario

An internal user sends a prompt to an AI model containing a Base64-encoded file for processing. The full encoded string is logged by the system. Later, security teams discover the string contains a decoded PDF with customer financial data, unintentionally exposing confidential information in the logs. This creates both a security risk and a compliance violation.

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Schema build failure
Unconstrained additional properties
Average request header size reduced
Insecure host (OAS2)
PHP injection found in logs
AWS Secrets Found in AI Logs