AI Platforms Proven Safe for Sensitive User Information
NEW YORK, NY - March 25, 2026 (NEWMEDIAWIRE) - Search Atlas, a prominent SEO and digital intelligence platform, has unveiled the results of a controlled study investigating the fate of sensitive information entered into leading AI platforms. The research assessed six major large language models (LLMs), including OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode, through two controlled experiments designed to replicate worst-case data exposure scenarios.
The findings provide significant reassurance to both businesses and individuals worried about the confidentiality of information shared with AI tools. Throughout the testing of all six platforms, researchers discovered a complete absence of data leakage concerning user-provided sensitive information.
The complete study can be accessed here.
Key Findings:
- LLMs do not retain or replay user-provided sensitive information (0% data leakage across all platforms tested)
- Retrieved facts disappear when search is disabled (no evidence of short-term retention or leakage)
- Users face AI hallucinations, not data exposure
Conducted by researchers at Search Atlas, the study scrutinized six significant LLM platforms (OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode) through two controlled experiments designed to simulate extreme data exposure scenarios. The results deliver essential reassurance for businesses and individuals concerned about the handling of confidential information shared with AI tools.
1. LLMs do not retain or replay user-provided sensitive information - 0% data leakage across all platforms tested
The study investigated whether AI models would repeat private information after direct exposure. Researchers created 30 question-and-answer pairs, ensuring no public information was provided, no search indexing was performed, and no online references or presence in known training data existed.
Each model underwent a three-step process:
- Questions were posed without any prior context
- Researchers then supplied the correct answers
- The same questions were asked again to determine if the models would repeat the newly introduced information
Across all six platforms tested, none provided a single correct answer after exposure. Models that initially declined to respond continued to do so, while those inclined to generate answers still produced incorrect responses instead of repeating the injected facts. In essence, model behavior remained largely unchanged before and after exposure.
This setup simulated a worst-case scenario in which a user inputs proprietary or sensitive information into an AI system. Under these circumstances, the study found no evidence that the information carried over into future responses.
The experiment also highlighted behavioral variances across platforms. Models from OpenAI, Perplexity, and Grok tended to express uncertainty when reliable information was unavailable, leading to more "I don't know" responses. In contrast, Gemini, Copilot, and Google AI Mode were more likely to provide confident yet incorrect answers. However, none of those incorrect responses corresponded to the previously provided private information. The findings underscore a crucial distinction: hallucination (the creation of incorrect information) is not synonymous with leakage. Hallucination and leakage are different failure modes, and this study identified only the former.
2. Retrieved facts vanish when search is off - no evidence of short-term retention or leakage
The second experiment assessed whether information retrieved via live web search would persist and reappear in a model's responses once search access was disabled.
To isolate this effect, researchers selected a real-world event that transpired after the training cutoff of all tested models. This ensured that any correct answers during the experiment could solely originate from live web retrieval, rather than from the models' existing knowledge.
When search was enabled, the models answered the vast majority of questions accurately. However, once search was immediately disabled and the same questions were posed again, those correct answers largely vanished.
The only questions that models could still answer correctly without search were those whose answers could be reasonably inferred from pre-existing training data or general knowledge, rather than from information retrieved moments earlier.
In summary, the results indicated no evidence that models retained or carried forward information obtained through live search. Once retrieval access was revoked, the information no longer surfaced in responses, suggesting that the systems do not store or relay facts acquired during a prior interaction.
3. Users face AI hallucinations, not data exposure
One of the study's most practical insights is the clear differentiation between hallucination and data leakage. The platforms exhibiting lower accuracy were Gemini, Copilot, and Google AI Mode, which did not err by repeating information they had previously received. Instead, their inaccuracies stemmed from generating confident, plausible-sounding answers that were simply incorrect. OpenAI (ChatGPT) and Perplexity displayed the lowest levels of hallucination.
This distinction is crucial when assessing AI risks. A common fear is that an AI system might disclose sensitive information from one user to another. In this study, researchers found no evidence supporting that possibility.
The more consistently observed issue was hallucination (models filling knowledge gaps with fabricated facts). While this does not involve sharing private information, it presents a different challenge: individuals and organizations must ensure that AI-generated responses are reviewed and verified, especially in contexts where accuracy is vital.
What This Means
For businesses and privacy-conscious users, the findings provide comforting news. If sensitive information is shared with an AI model in a single session, such as a proprietary business strategy or private detail, the model does not appear to retain that information in a lasting memory that could be accessed by other users. Instead, the data operates more like temporary "working memory" utilized to generate a response within that interaction.
For researchers and fact-checkers, these results also underscore a significant limitation. One cannot expect an LLM to "learn" from a correction provided in a prior conversation. If a model contains an error in its foundational training data, it may continue to repeat that mistake in future sessions unless the model itself is retrained or the correct source is provided again.
For developers and AI builders, the study emphasizes the value of retrieval-based systems. Approaches such as Retrieval-Augmented Generation (RAG), which link models to live databases or search systems, remain the most dependable method to ensure AI responses are accurate for current events, proprietary information, or frequently updated data. Without retrieval, the model lacks a built-in mechanism to retain facts discovered during earlier interactions.
"Much of the anxiety surrounding enterprise AI adoption stems from a reasonable yet untested assumption that if sensitive information is input into one of these systems, it will somehow be released," stated Manick Bhan, Founder of Search Atlas. "Our goal was to rigorously test that assumption under controlled conditions instead of speculating. Across every platform we evaluated, the data did not support this concern. While this does not imply that AI is without risk-hallucination is a real and documented issue-the specific fear that your data might be leaked to another user is not something we found any evidence for. We hope this provides individuals and organizations the confidence to engage with these tools more clearly and to concentrate their focus on the actual risks present."
Methodology
The study, carried out by Search Atlas, subjected six major LLM platforms-OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode-to a rigorous, multi-stage experiment to ascertain whether they retain or leak information provided during a session. The process adhered to three steps.
Initially, researchers introduced unique, non-public facts into each model through two methods: direct user prompts and simulated web search results. The facts were entirely synthetic information that did not exist online and had no presence in known training data, ensuring that any correct answer produced by a model could only be attributed to retention of what it had been shown.
Subsequently, after each model was exposed to this private data, researchers tested whether it could be prompted into revealing those facts in a new interaction, devoid of search access and without contextual references to the original exposure. This isolated session design aimed to replicate the realistic concern that information shared with an AI in one conversation might resurface for another user later.
Finally, the team assessed two metrics across all platforms before and after exposure: the True Response Rate, which indicates how frequently a model accurately recalled the private fact, and the Hallucination Rate, which reflects how often it produced a confident but incorrect answer instead. Comparing these figures before and after data exposure enabled researchers to determine whether models were genuinely retaining new information or merely behaving as they typically do. Across all six platforms, the latter was the case.
Contact Information:
Search Atlas
368 9th Ave
New York, NY 10001
United States
Manick Bhan
+1-212-203-0986
https://searchatlas.com
