1. A SaaS company offers an LLM-based coding assistant. Their terms of service state that user code submissions will not be used for model training. A customer discovers their proprietary algorithm appearing verbatim in another user's LLM-generated suggestion. The customer files a complaint. Beyond the training data opt-out violation, which additional AI governance concern does this incident MOST clearly raise?
- A. Model denial of service due to excessive context window usage
- B. Training data memorization leading to potential IP leakage and confidentiality breach✓ Correct
- C. Insecure output handling causing cross-site scripting in the frontend
- D. A violation of the EU AI Act's transparency obligation for general-purpose AI models
Explanation
The incident demonstrates training data memorization: the model has retained and reproduces verbatim content from a user's code submission, causing intellectual property leakage to another user — a serious confidentiality breach compounding the opt-out violation. Model denial of service relates to availability attacks, not content reproduction. Insecure output handling refers to unsanitized LLM outputs triggering downstream system vulnerabilities like XSS, not IP leakage. The EU AI Act transparency obligation requires providers of general-purpose AI models to disclose training data, but the customer's complaint is about confidentiality and IP leakage, not a lack of transparency disclosure.