Last week, my friend Mark received an email that made his blood run cold. Someone had accessed his ChatGPT history and was threatening to release his personal conversations unless he paid a ransom. Nothing illegal was in those chats. Just private thoughts. Work frustrations. A draft of a letter he never sent to his ex-wife.
He paid. The blackmailer demanded more.
Mark is not alone. According to Infoqraf’s investigation, security researchers have identified critical flaws in 17 AI companion apps on Google Play, potentially exposing private chat histories in services used by more than 150 million people. The same researchers found that millions of sensitive conversations, including therapy sessions, medical advice, and intimate personal confessions, are being stored insecurely by AI companion apps, leaving them vulnerable to hackers and accidental exposure.
The convenience of AI assistants comes with a hidden price. And most people are paying it without even knowing.
The New Privacy Landscape: What Has Changed
Five years ago, privacy concerns about AI were theoretical. Today, they are urgent and immediate.
The fundamental issue is that AI assistants, especially the new generation of agentic AI, need access to your data to be useful. Your emails. Your calendar. Your documents. Your location history. Your browsing habits. Your voice. Your face.
This access creates unprecedented opportunities for productivity. But it also creates unprecedented risks.
In February 2026, a federal magistrate ordered OpenAI to produce records of conversations with AI assistants, raising serious questions about whether personal or business discussions with AI assistants are discoverable in court. A putative class action lawsuit filed in December 2025 involving AI meeting assistants and transcription tools has exposed significant legal exposure when organizations deploy these tools without appropriate governance.
The White House recently released a comprehensive AI policy framework requiring federal agencies to ensure that their use of AI respects privacy and civil rights. Major technology companies are scrambling to update their terms of service and data handling practices.
But the rules are still being written. And in the meantime, you are responsible for your own safety.
What Data Are AI Assistants Actually Collecting?
Let me be specific about what these tools know about you.
When you use ChatGPT, OpenAI collects your account information, your conversation history, your device information, your approximate location, and your usage patterns. If you upload files, those files become part of your data. If you enable voice conversations, your voice recordings are stored.
Google Gemini collects all of the above, plus everything else Google already knows about you. Your search history. Your YouTube watch history. Your email contents. Your calendar appointments. Your location history from Google Maps.
Microsoft Copilot collects your work data. Every Word document you edit. Every Excel spreadsheet you open. Every email you send. Every meeting you attend. Every file you share.
Meta AI, integrated into Facebook, Instagram, and WhatsApp, collects your social media activity, your messages, your posts, your likes, your friends, and everything else you have ever done on those platforms.
The list goes on. Perplexity collects your search queries. Claude collects your writing. Every AI assistant is a data vacuum.
The Security Flaws That Should Terrify You
Infoqraf researched the most recent security findings and found patterns that are genuinely alarming.
Researchers have discovered that AI assistants are vulnerable to prompt injection attacks, where malicious instructions hidden in seemingly innocent text can trick the AI into revealing sensitive information or taking harmful actions. An attacker could send you an email containing hidden instructions that, when summarized by your AI assistant, cause it to forward your private data to a server they control.
AI assistants are also vulnerable to membership inference attacks, where attackers can determine with high accuracy whether specific personal information was included in the AI’s training data. This means that even if you have not directly shared your data with an AI assistant, the assistant might still have absorbed it from public sources and could inadvertently reveal it.
The most direct risk is simple data leakage. In 2025, a bug in ChatGPT allowed some users to see the titles of other users‘ conversation histories. The bug was fixed, but it revealed how fragile these systems can be.
How to Lock Down Your AI Assistant: Step by Step
Do not panic. But do take action. Here is exactly what you need to do.
Step 1. Review Your Privacy Settings Right Now
Every AI assistant has privacy settings. Most people never open them.
In ChatGPT, go to Settings > Data Controls. Turn off “Improve the model for everyone” unless you are willing to have your conversations used for training. This setting determines whether OpenAI can use your chats to train future versions of ChatGPT. With it on, your conversations become part of the model. With it off, they are deleted after thirty days.
In the same menu, find “Export data” and run an export to see exactly what OpenAI has stored about you. Review it. You might be surprised.
In Google Gemini, go to your Google Account > Data & Privacy > Gemini App Activity. You can choose how long your activity is saved. Three months, eighteen months, or until you delete it manually. Set it to the shortest period you can tolerate. Also turn off “Personalize Gemini across Google products” unless you want your assistant to access your search history and YouTube habits.
In Microsoft Copilot, go to Settings > Privacy. Turn off “Model improvement” and set conversation retention to the minimum period available.
Step 2. Delete Your Conversation History Regularly
Do not let your conversations accumulate indefinitely. Set a calendar reminder once a month to delete your history.
In ChatGPT, go to Settings > Data Controls > Delete all conversations. You can also delete individual conversations.
In Gemini, your activity is managed through your Google Account. Delete it regularly.
In Copilot, conversations are tied to your Microsoft account. Delete them through the dashboard.
Step 3. Use Separate Assistants for Separate Contexts
This is one of the most effective security practices. Do not use the same AI assistant for everything.
Use one assistant for work. Use a different assistant for personal matters. Use a third assistant, with a completely separate account, for anything sensitive like medical research or financial planning.
This compartmentalization means that a breach in one context does not expose everything.
Step 4. Never Share Sensitive Information
This should be obvious, but it bears repeating. Do not put your social security number, your credit card information, your home address, your passwords, your medical diagnoses, your legal problems, or your intimate relationship details into any AI assistant.
Even if the assistant promises privacy, even if you trust the company, do not do it. The data could be leaked. It could be subpoenaed. It could be used against you.
If you need to use AI for sensitive topics, use a local AI model that runs entirely on your own device with no internet connection. Tools like Ollama, GPT4All, and LM Studio allow you to run powerful AI models locally. They are less capable than ChatGPT, but they keep your data completely private.
Step 5. Use Strong Authentication
Enable two-factor authentication on every AI assistant account you have. Use a password manager to generate and store unique, complex passwords. Do not reuse passwords across different assistants.
If you use AI assistants on mobile devices, enable biometric locks. Face ID or fingerprint. Do not leave your phone unlocked where someone else could access your assistant.
Step 6. Be Careful with Third Party Integrations
Many AI assistants allow you to connect them to other services. Your calendar. Your email. Your document storage. Your project management tools.
Each integration is a new point of vulnerability. Before you connect anything, ask yourself: does this integration actually help me enough to justify the risk? If the answer is not a clear yes, skip it.
Step 7. Keep Software Updated
AI assistants update constantly. Each update fixes security flaws. Do not delay updates. Enable automatic updates wherever possible.
What Companies Are Not Telling You
The AI industry has a dirty secret. Most of their security promises are legally meaningless.
When an AI company says “we do not sell your data,” they are telling the truth about a very narrow definition of “sell.” They can still use your data to improve their models. They can still share your data with contractors and business partners. They can still be forced by court order to hand over your conversations.
When an AI company says “your conversations are private,” they mean “private from other users.” They do not mean “private from us” or “private from law enforcement.”
When an AI company says “we use industry standard encryption,” they are telling the truth, but encryption protects data in transit, not data at rest on their servers. Once your data is stored, encryption does not prevent company employees or hackers who breach the company from accessing it.
According to Infoqraf’s investigation, the only way to have true privacy with AI is to use tools that are designed for privacy from the ground up, or to run models locally on your own hardware.
Privacy Focused AI Assistants Worth Considering
If you are serious about privacy, here are alternatives to the mainstream assistants.
DuckDuckGo AI Chat is a free, anonymous way to access multiple AI models including ChatGPT, Claude, and Llama. Your chats are not stored, not used for training, and your IP address is not logged. The tradeoff is that you cannot have long, persistent conversations or personalized assistants.
Local AI models running through Ollama or GPT4All give you complete control. The AI runs entirely on your computer. No data ever leaves your device. The tradeoff is that you need a reasonably powerful computer, and the models are smaller and less capable than ChatGPT.
Brave Leo is built into the Brave browser. It is privacy-focused by default, with no data collection and no training on your conversations. The tradeoff is that it is less capable than dedicated assistants.
What to Do If You Have Already Shared Too Much
If you are reading this and realizing you have already put sensitive information into an AI assistant, do not panic. You have options.
First, delete your conversation history immediately. In ChatGPT, go to Settings > Data Controls > Delete all conversations. In other assistants, find the equivalent setting.
Second, go to your account settings and request a data export. Review what the company has stored about you. If you see something you want removed, request deletion. Most companies have a process for this.
Third, if you used AI for something genuinely sensitive, such as therapy, legal advice, or financial planning, consider that those conversations might be discoverable. Consult with a lawyer if you are concerned.
Fourth, change your behavior going forward. Use the compartmentalization strategy described above. Do not put sensitive information into any AI assistant unless you are using a local, private model.
The Future of AI Privacy
The good news is that regulators are waking up. The European Union’s AI Act, which came into full effect in 2025, imposes strict requirements on AI systems classified as high risk. The White House AI policy framework is pushing for similar standards in the United States.
The bad news is that enforcement is weak and technology moves faster than law.
For more AI security research, visit Infoqraf. The future of AI privacy will likely involve three trends. First, more users will adopt local AI models as they become more capable. Second, privacy-focused AI assistants will emerge as a competitive category. Third, regulation will eventually catch up, but not before more breaches occur.
In the meantime, you are your own best defender. Use the steps in this guide. Stay informed. Be careful what you share.
FAQ. Frequently Asked Questions
Question:
I have been using ChatGPT for over a year and I have put all sorts of personal information into it. Medical symptoms. Financial questions. Relationship problems. I am terrified that this data could be leaked or used against me. What should I do right now?
Answer:
First, take a deep breath. You are not alone. Millions of people have done exactly the same thing. The good news is that major AI companies have strong security teams and data breaches are rare. The bad news is that the risk is real.
Here is your action plan. Step one, immediately delete your entire conversation history. In ChatGPT, go to Settings, then Data Controls, then Delete all conversations. Step two, go to the same menu and turn off “Improve the model for everyone.” This prevents OpenAI from using your future conversations for training. Step three, request a data export. This will show you exactly what OpenAI has stored about you. Review it. If you see anything you want deleted, contact OpenAI support and request deletion. Step four, change your behavior going forward. Never put sensitive personal information into any cloud based AI assistant again. Use local AI models for sensitive topics.
Question:
I use AI at work and my employer has not given me any guidance on security. I want to be responsible, but I also want the productivity benefits. What is the safest way to use AI for work without risking company data?
Answer:
First, assume that everything you put into a public AI assistant like ChatGPT or Gemini could become public. Do not put any truly confidential company information into these tools.
Use AI for tasks that involve only public or non-sensitive information. If your company uses Microsoft 365, ask your IT department about Microsoft Copilot. Copilot for enterprise has stronger privacy guarantees than consumer AI tools because it operates within your company’s existing data governance framework.
If you are still worried, use a local AI model on your personal device for work related tasks. This keeps the data on your machine and does not send it to any cloud service.
Question:
I read that AI assistants can be hacked through prompt injection attacks. How worried should I be about this, and is there anything I can do to protect myself?
Answer:
Prompt injection is a real and concerning vulnerability, but for most individual users, the practical risk is currently low.
Be skeptical of any text that asks you to give specific instructions to your AI assistant. Before you paste unfamiliar text into an AI assistant, review it for anything that looks like hidden instructions. Malicious prompts often include phrases like “ignore previous instructions” or “now do the following.”
Use AI assistants that have implemented defenses against prompt injection, keep your software updated, and consider local AI tools for highly sensitive work.
