CCC.Vector.TH03: Cross-modal or Metadata Leakage
Threat ID:CCC.Vector.TH03
Title:Cross-modal or Metadata Leakage
Description:
Attackers may infer sensitive information through metadata filters or by correlating embeddings across modalities (e.g., voice and face), bypassing surface-level access controls.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Vector.CP04 | Metadata Filtering | Supports structured filtering on metadata fields alongside vector similarity search queries. |
| CCC.Vector.CP10 | Multi-modal Vector Support | Supports storing and searching across vectors derived from multiple modalities (e.g., text, image, audio). |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
FINOS-AIGF | AIR-SEC-002 | 0 | Information Leaked to Vector Store |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.Vector.CN03 | Enforce Metadata-Level Access Controls | Apply access control policies to metadata fields used in filtering to prevent unauthorized exposure or inference. | Vector Indexing | 2 | 3 | 1 |