AI/ML, Data Security, Privacy

Expert flags misuse of AI chatbot messages

Free browser add-ons for tools like ad blocking or VPN access could be overriding a browser's XMLHttpRequest() and fetch() features, allowing them to copy every question and answer users exchanged with AI chatbots such as DeepSeek, ChatGPT, Claude, and Gemini, according to The Register.

In a report shared with The Register, AI expert Lee S. Dryburgh said the data is stored in a searchable database and sold to customers via API access. Although users are assigned pseudonymized IDs, the conversations themselves are kept in full and often include highly sensitive information such as birth dates, immigration status disclosures, medical information, and names. Dryburgh said he ran 205 searches on a VC-backed generative engine optimization platform and retrieved roughly 490 unique prompts across 20 sensitive categories from at least 435 users.

His most alarming finding is reportedly that "healthcare workers are pasting real patient data into AI chatbots, and that data is now a commercial database."

Findings also include discussions about mental health, medical diagnoses, financial hardship, clinical patient data, and immigration status, raising serious privacy and legal concerns.
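
A defender's check for the XMLHttpRequest() and fetch() overriding described above, added here as an example and not taken from the report or The Register: it lists which of a page's network APIs are no longer native built-ins. The function names are hypothetical, and makeCleanWindow and makeHookedWindow are constructed stand-ins so the check also runs outside a browser.

```javascript
// Added example: flag network APIs that have been replaced by script.
// Native built-ins stringify as "function name() { [native code] }".
const NATIVE_RE =
  /^\s*function\s*[\w$]*\s*\([^)]*\)\s*\{\s*\[native code\]\s*\}\s*$/;

// Call the shared Function.prototype.toString directly, so a wrapper that
// sets its own .toString property cannot answer for itself.
const fnToString = Function.prototype.toString;

function looksNative(fn) {
  if (typeof fn !== "function") return false;
  try { return NATIVE_RE.test(fnToString.call(fn)); } catch { return false; }
}

// Returns the names of the network APIs on `win` that are not native.
function auditNetworkApis(win) {
  const targets = {
    "fetch": win.fetch,
    "XMLHttpRequest": win.XMLHttpRequest,
    "XMLHttpRequest.prototype.open": win.XMLHttpRequest?.prototype?.open,
    "XMLHttpRequest.prototype.send": win.XMLHttpRequest?.prototype?.send,
  };
  return Object.entries(targets)
    .filter(([, fn]) => fn !== undefined && !looksNative(fn))
    .map(([name]) => name);
}

// Constructed stand-in for a clean page: real built-ins play the native APIs.
function makeCleanWindow() {
  const xhr = Array.prototype.slice.bind(null);
  xhr.prototype = { open: Array.prototype.push, send: Array.prototype.pop };
  return { fetch: Math.max, XMLHttpRequest: xhr };
}

// Constructed stand-in for a hooked page: pass-through wrappers replace
// fetch and XMLHttpRequest.prototype.send, and fetch claims to be native.
function makeHookedWindow() {
  const win = makeCleanWindow();
  const origFetch = win.fetch;
  win.fetch = function (...args) { return origFetch.apply(this, args); };
  win.fetch.toString = () => "function fetch() { [native code] }";
  const origSend = win.XMLHttpRequest.prototype.send;
  win.XMLHttpRequest.prototype.send = function (...args) {
    return origSend.apply(this, args);
  };
  return win;
}

console.log(auditNetworkApis(makeHookedWindow()));
```

In a browser, run auditNetworkApis(window) from the console on the chatbot page. A hook that also replaces Function.prototype.toString can evade this check, so a clean result is not proof that no add-on is intercepting traffic.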
