
Chicago cybersecurity pros are sounding the alarm on something a lot of us do without thinking: pasting Social Security numbers, bank info or other deeply personal details straight into AI chat windows and third-party chatbot apps.
The warning comes on the heels of fresh security research and a string of app-level blunders that show how supposedly private conversations with chatbots can end up exposed to the wider internet.
Local security expert Tony Sabaj told a Chicago TV audience that information shared with AI assistants "can contribute to data leaks" and urged people to treat these tools with the same caution they (hopefully) use on any other website. As reported by FOX 32 Chicago, Sabaj said users should be choosy about what they type, upload or paste into a chat.
How One Sneaky Prompt Can Turn Private Chats Into Public Leaks
Security researchers have demonstrated that an innocent-looking prompt can sometimes be enough to coax certain chat runtimes into quietly shipping out conversation data, uploaded files or summaries to an external server, with no obvious warning to the user.
Check Point Research documented a DNS-tunneling side channel in ChatGPT’s code-execution runtime and reported that OpenAI rolled out a fix on Feb. 20, 2026. The group notes that the risk gets worse when malicious logic is smuggled into custom assistants or third-party prompts that users trust a little too easily.
Leaky Apps Left Hundreds of Millions of Messages Exposed
This is not just a theoretical doomsday scenario. A widely used third-party AI chat app was found to have a backend that was publicly readable, according to researchers, exposing roughly 300 million messages tied to more than 25 million users. Those logs reportedly included highly sensitive questions and uploaded documents.
Malwarebytes attributes the exposure to a misconfigured Firebase instance and says the developer locked things down after being notified of the problem.
Browser Add-Ons Can Quietly Poach Your Prompts
Even tools that live entirely in your browser can betray your trust. Researchers have flagged malicious and poorly governed Chrome extensions that scrape text from chat windows and beam it to outside servers, a trick some analysts have nicknamed “prompt poaching.”
The Hacker News reported on extensions with sizable user bases that allegedly exfiltrated conversation content, underscoring how convenience add-ons can double as low-effort data-theft tools.
What You Should Never Paste Into a Chatbot
Security folks say there is a short list of things that simply do not belong in public AI chat tools under any circumstances:
- Social Security numbers
- Bank account or payment card numbers
- Login credentials or one-time passcodes
- API keys or cryptographic private keys
- Privileged or confidential legal communications
- Unredacted medical records or health histories
OpenAI’s privacy documentation explains how users can opt out of model training and notes that enterprise or business plans handle customer inputs under different default rules. Those controls, however, are not a substitute for basic common sense about what you share. Users are urged to review the documentation from OpenAI and from their own provider before sending anything sensitive through a chatbot.
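A pre-paste check for the pattern-matchable items in the list above, as an added example that is not from the article or any vendor: it flags SSN-shaped numbers, Luhn-valid card numbers, PEM private keys, key or password assignments and six-digit codes, then redacts them. The regexes, function names and sample text are assumptions constructed for illustration; legal and medical content cannot be caught this way.

```python
import re

# Assumed heuristics for the categories listed above; not any vendor's key format.
SSN = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")          # 13 to 19 digits
PEM = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
SECRET = re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*\S{8,}")
OTP = re.compile(r"(?i)\b(?:code|otp|passcode)\b\D{0,20}\b\d{6}\b")

def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from order IDs and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    # Area 000, 666 and 900-999, group 00 and serial 0000 are never issued.
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(text):
    """Return (kind, (start, end)) findings sorted by position."""
    findings = []
    for m in SSN.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", m.span()))
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", m.span()))
    for kind, rx in (("private_key", PEM), ("secret", SECRET), ("otp", OTP)):
        findings.extend((kind, m.span()) for m in rx.finditer(text))
    return sorted(findings, key=lambda f: f[1])

def redact(text):
    """Replace findings right to left so earlier offsets stay valid."""
    limit = len(text)
    for kind, (start, end) in reversed(scan(text)):
        if end <= limit:  # skip a finding overlapping one already replaced
            text = text[:start] + f"[REDACTED:{kind}]" + text[end:]
            limit = start
    return text

# Constructed sample: the order number fails Luhn and is left alone.
SAMPLE = ("SSN 123-45-6789, card 4111 1111 1111 1111, "
          "order 1234 5678 9012 3456, api_key = EXAMPLEONLY0123456789")

if __name__ == "__main__":
    print(redact(SAMPLE))
```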
Legal Headaches and Privacy Fallout Are Already Here
An investigation by MIT Technology Review gathered real-world examples of chatbots, including major models, spitting out actual phone numbers and home addresses belonging to real people. According to the report, data-removal services are seeing a sharp rise in AI-related takedown requests.
MIT Technology Review notes that this kind of exposure can lead directly to harassment, fraud attempts and long-lasting identity hassles, and argues that users need to be more cautious at the same time that vendors shore up their own safeguards.
Bottom line: AI chat windows are not private diaries. If you live or work in Chicago and are unsure what you or your organization may have already shared, experts suggest starting with a quick cleanup. That means checking app settings, deleting risky conversations, uninstalling untrusted browser extensions and asking your vendors whether your inputs are excluded from training and stored with enterprise-grade protections.









