Your AI chats can end up on Google
A “Share” button made hundreds of thousands of AI chats indexable on Google. What happened with Grok and ChatGPT — and why a leak exposes nothing if nothing sensitive was in it.
Yes, a conversation with an AI can end up publicly on Google. In 2025, the “Share” button in several chatbots created public links that search engines then indexed: according to Cybernews, more than 370,000 Grok conversations became searchable on Google, and shared ChatGPT chats met the same fate before the feature was removed. The problem isn't that the AI gets “hacked,” but that an innocuous gesture makes an entire exchange visible — names, files, sometimes passwords. If the sensitive data wasn't there, such a leak exposes nothing.
What happened
The mechanism is the same across tools. By clicking “Share,” the user generates a public URL to send their conversation. But that same URL could be crawled and indexed by Google, Bing or DuckDuckGo — making the exchange findable by anyone. According to reporting by TechCrunch and Computing, thousands of shared ChatGPT conversations turned up in search results in the summer of 2025; on the Grok side, the indexed volume topped 370,000. OpenAI removed the indexing option after it was flagged, but already-indexed pages stayed visible.
Among the content found in these exposed conversations:
- names and personal information;
- attached files: spreadsheets, documents, images;
- at least one password, according to the reported findings.
Why it's worse than it looks
A chat leak doesn't expose an isolated field: it exposes the whole conversation, context included. And we often entrust an AI with far more than a form — a full case file, an email draft, a database excerpt. The day that thread goes public, it all goes at once. An indexed page gets copied, cached, and outlives deletion of the original.
| What you think you're doing | What can happen |
|---|---|
| “I'm sharing a link with a colleague” | The link becomes indexable by search engines |
| “I delete it, it's gone” | Indexed and cached pages survive |
| “It was just a quick question” | The whole thread, attachments included, is exposed |
The fix: make the leak expose nothing
You can't guarantee that a button, an option or a search engine will always behave as intended. What you can guarantee is the content: if the conversation contains no sensitive data in the clear, its possible exposure reveals nothing usable.
- 1Assume a conversation can become public or be retained.
- 2Anonymize the sensitive data before sending instead of relying on share settings.
- 3Keep the token↔value mapping local, to stay in control of the original.
That's what ONYRI Sanitize does: the engine detects sensitive data and replaces it with reversible tokens before sending; detection and the mapping stay in your browser, and the answer is restored locally. Even if a conversation leaks or is indexed, it only contains tokens — not your real information.
Frequently asked questions
- How do AI conversations end up on Google?
- Through the “Share” button: it generates a public URL that, depending on the tool, could be indexed by search engines. In 2025, over 370,000 Grok chats and shared ChatGPT chats became searchable on Google before the feature was removed on ChatGPT's side.
- If I delete the conversation, does the indexing go away?
- Not immediately. An already-indexed page can stay cached and visible for a while, even after the original is deleted. That's why it's best never to put sensitive data in it in the clear.
- How do I keep a leak from exposing me?
- By making sure there's nothing sensitive to expose: an anonymization engine replaces sensitive data with tokens before sending. A conversation that only contains tokens reveals nothing, even when indexed.
Sources & references
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
Anonymize my prompt