LeakyLM: Your AI Assistant Is (Not) Leaking Your Conversations

Researchers at IMDEA Networks, a Madrid-based research institute specializing in data and communication networks, have published a disclosure suggesting that major AI assistants may expose chatbot conversations. Their report is, however, framed more dramatically than its strongest evidence supports, and it concedes:

While we do not yet have evidence that conversations are read by trackers…

While ChatGPT and Claude are included in the report, the only cases where a (permalink) URL leaked to a tracking service could amount to access to conversational content are Grok and some Perplexity configurations. Perplexity appears to have removed one Meta Pixel integration in April 2026.

What remains for ChatGPT and Claude, on the report’s own evidence, is narrower: transmission of conversation URLs, page titles or chat topics, browser metadata, advertising cookies, anonymous IDs, email addresses or hashes, and support/analytics telemetry to third parties such as Google Analytics, Meta, TikTok, and related advertising infrastructure.

This is a data privacy concern, but it is not as if ChatGPT or Claude are “leaking your conversations” in the ordinary sense of making chat contents readable by unauthorized third parties.

Update: a class action lawsuit has been filed, alleging OpenAI unlawfully disclosed ChatGPT user queries, chat topics, user IDs, and email-linked identifiers to Meta and Google through embedded tracking technologies including Facebook Pixel and Google Analytics (via Rob Freund)