Harmonic Security researchers analyzed thousands of prompts submitted to ChatGPT, Copilot, Gemini, and Claude and found that 8.5% contained sensitive data — including penetration test results, network configurations, customer insurance claims, and proprietary source code. HN53 also covers threat actors hiding info stealers (LumaStealer, Vidar, MARS Stealer) in YouTube comments and Google Ads disguised as legitimate software download guides.
Stories Covered
Employees Are Leaking Sensitive Data Through GenAI Prompts
Harmonic Security analyzed thousands of prompts submitted by enterprise users to public GenAI platforms — ChatGPT, Microsoft Copilot, Google Gemini, Anthropic Claude, and Perplexity — and found that 8.5% contained sensitive data. At scale, that ratio compounds fast: 85 sensitive submissions per thousand prompts, across an entire organization’s daily usage.
Customer data makes up the largest slice at 45.77% — with specific examples like employees pasting insurance claims containing personal customer information to speed up processing. Employee data (performance reviews, HR records) accounts for 27%. Legal and financial data comes in at 14.88%. Security-related data — penetration test results, network configurations, backup plans — sits at 6.88%, and proprietary source code at 5.64%. The last two categories are the smallest in volume but are growing the fastest and carry the highest blast radius: a network config or pen test report submitted to a public LLM essentially hands an attacker a blueprint of your environment before they even scan the network.
The mechanism of harm is twofold. First, public LLM providers’ terms of service typically allow user-submitted data to be used for training — meaning sensitive submissions may be learned from and potentially surfaced later via savvy prompts, vulnerabilities, or breaches. Second, threat actors are already using ChatGPT as a recon tool to surface publicly available knowledge about targets; if proprietary configuration data ends up in the training set, that pool of reconnaissance just got significantly deeper.
The fix is organizational, not technical: train employees not to submit customer data, configs, or code into public AI tools; configure API access with data-retention opt-outs where available; and evaluate on-premises or private-API LLM deployments for any workflow that touches sensitive data.
Info Stealers Hidden in YouTube Comments and Google Search Results
Trend Micro researchers uncovered a campaign distributing info stealers — LumaStealer, Vidar, MARS Stealer, and others — through fake software installation tutorials on YouTube and through poisoned Google search results for pirated or cracked software. Threat actors post videos posing as setup guides, then bury malicious download links in video descriptions or comments, pointing to files hosted on MediaFire and Mega.nz to obscure the origin and complicate takedown.
The campaign exploits two trust signals simultaneously: YouTube’s perceived legitimacy as a platform, and the appearance of a high-ranking search result or a channel with credible-looking tutorial content. LumaStealer is sold as malware-as-a-service — the same model as legitimate SaaS — and is specifically built to harvest passwords, session cookies, and cryptocurrency wallet data. Once an info stealer runs, every credential and session stored on that machine is compromised, regardless of any other protections in place.
The defense is simple but requires discipline: download software only from official sources or verified storefronts. Piracy-adjacent download sites are one of the highest-density environments for info stealer delivery, and distinguishing a legitimate installer from a trojaned one without executing it requires security tooling most users do not have. If you are an IT or security professional managing endpoints, blocking known file-hosting domains used for malware delivery (MediaFire, Mega.nz in untrusted contexts) at the network level is a practical mitigation.





