
AI chatbot data leaks: what a breach means for your prompts

A bug, a hack or indexed conversations: a leak at an AI provider can expose your old prompts. How to make sure nothing usable is left to leak.

By Pierre de ONYRI

When an AI provider suffers a breach — a hack or a simple bug — your old prompts can resurface: indexed in a search engine, shown to another user, or resold after a data-broker leak. You can't prevent a third party's breach; you can make sure what leaks is worthless. Anonymizing before sending guarantees that a breach exposes tokens, not your client or patient data.

What a leak does to your prompts

A leak doesn't always take the form of a spectacular hack. Several documented incidents show how far the data you send escapes your control once it's gone.

  • Conversations made public: shared chats ended up indexed and reachable through search engines.
  • Cross-session exposure: due to a bug, users could see snippets of other people's conversations.
  • Resale after a leak: data that escaped at a third party feeds data brokers.
  • Persistence: “what you typed stays saved, even if you delete the chat.”

Figure: a cracked server with a broken padlock leaking data tokens, captured by a magnet representing a malicious actor.
Caption: A breach exposes what was sent — better that it's only worthless tokens.

You don't control a third party's security

Providers invest in security, but no system is unbreakable, especially at the volume of data they handle. One comment sums it up: “securing all that, 100% of the time, in perpetuity, is very, very difficult.” And another, blunter: “you lost control when it started.” The only variable left on your side is the nature of what you send.

The defense: leave nothing usable to leak

You can't guarantee a third party will never be breached. You can guarantee that, the day it happens, the data involved is useless. If identity, contact details and identifiers were replaced by tokens before sending, a breach only exposes neutral strings — without the mapping, which never left your browser.

  1. Detection: an engine spots sensitive data before sending.
  2. Tokenization: each detected item becomes a neutral token, and the mapping is kept in local memory.
  3. Sending: only the anonymized text goes out, so a provider-side leak only exposes tokens.
  4. Restoration: the answer is de-tokenized in your browser.
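
The four steps above, sketched as an added example (this is not ONYRI Sanitize's code). The three regex detectors, the `[TYPE_n]` token format and the `createSanitizer` helper are assumptions made for illustration, and the sample prompt and answer are constructed.

```javascript
// Added example. Detectors are simplified assumptions; a real engine covers far more.
const DETECTORS = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "APIKEY", re: /\bsk-[A-Za-z0-9]{20,}\b/g }, // constructed key shape
  { type: "PHONE", re: /\+?\d[\d .-]{7,}\d/g },
];

function createSanitizer() {
  const tokenToValue = new Map(); // the mapping: lives only in local memory
  const valueToToken = new Map(); // repeated values reuse the same token
  const counters = {};

  function tokenFor(type, value) {
    if (valueToToken.has(value)) return valueToToken.get(value);
    counters[type] = (counters[type] || 0) + 1;
    const token = `[${type}_${counters[type]}]`;
    tokenToValue.set(token, value);
    valueToToken.set(value, token);
    return token;
  }

  return {
    // Steps 1 and 2: detect each sensitive value and swap it for a token.
    sanitize(text) {
      return DETECTORS.reduce(
        (out, { type, re }) => out.replace(re, (match) => tokenFor(type, match)),
        text
      );
    },
    // Step 4: de-tokenize the answer; unknown tokens are left untouched.
    restore(answer) {
      return answer.replace(/\[[A-Z]+_\d+\]/g, (t) => tokenToValue.get(t) ?? t);
    },
  };
}

// Constructed sample prompt and a constructed provider answer.
const sanitizer = createSanitizer();
const outbound = sanitizer.sanitize(
  "Email jane.doe@example.com or call +33 6 12 34 56 78 about key " +
  "sk-abcdefghijklmnopqrstuvwx1234. CC jane.doe@example.com."
);
console.log(outbound); // step 3: this is the only text that leaves the browser
console.log(sanitizer.restore("Draft sent to [EMAIL_1]; will call [PHONE_1]."));
```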

ONYRI Sanitize shrinks a leak's surface to zero identifying data: it anonymizes before sending and keeps the mapping in your browser. Even in a provider breach, there's nothing identifying to exfiltrate.

Frequently asked questions

Have ChatGPT or other AIs already had leaks?
Yes, several incidents are documented: shared conversations indexed by search engines, and a bug that exposed snippets of other users' chats. Beyond AI providers, any data that has left can be picked up in a later third-party leak.

Does deleting my conversation really erase my data?
Not in any guaranteed way. Deleting a chat doesn't undo what was already copied, logged or indexed. Data that has left can outlive the deletion. The reliable protection is not to send it in the clear in the first place.

How do I reduce the impact of a leak?
By reducing what there is to leak. Anonymize sensitive data before sending: if a breach happens, it only exposes neutral tokens, useless without the mapping that stayed in your browser.

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
