A controlled study examining data privacy in major artificial intelligence platforms has found no evidence of sensitive information leakage across six leading systems, addressing a significant concern for businesses and individual users. The research, conducted by digital intelligence platform Search Atlas, evaluated OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode through experiments designed to simulate worst-case data exposure scenarios.
The comprehensive study, available at https://searchatlas.com, revealed zero percent data leakage across all platforms tested. Researchers constructed 30 unique question-and-answer pairs containing information that had no public presence, search indexing, online references, or inclusion in known training data. After exposing each model to this private information and then asking the same questions again, none of the platforms reproduced the sensitive data.
"Much of the concern surrounding enterprise AI adoption stems from a reasonable but untested assumption that if you input sensitive information into one of these systems, it will somehow be leaked," stated Manick Bhan, Founder of Search Atlas. "Our goal was to rigorously test that assumption under controlled conditions rather than speculate. Across every platform we assessed, the data did not support it."
The study identified distinct behavioral patterns among the platforms. OpenAI, Perplexity, and Grok tended to respond with uncertainty when lacking reliable information, resulting in more frequent "I don't know" responses. In contrast, Gemini, Copilot, and Google AI Mode were more inclined to generate confident but incorrect answers. Crucially, none of these incorrect responses matched the previously provided private information.
A second experiment examined whether information retrieved via live web search would persist in models' responses once search access was disabled. Researchers selected a real-world event occurring after all models' training cutoffs, ensuring correct answers could only come from live retrieval. When search was enabled, models answered most questions correctly, but once search was disabled, those correct answers largely disappeared.
The findings demonstrate that retrieved facts do not remain in models' short-term memory. Information obtained through live search disappears when search access is removed, indicating systems do not store or pass along facts from prior interactions. This has important implications for developers, emphasizing that retrieval-based systems like Retrieval-Augmented Generation remain essential for ensuring accurate responses about current events or proprietary data.
For businesses and privacy-conscious users, the results provide significant reassurance. Sensitive information shared during a single session, such as proprietary business strategies or private details, does not appear to be absorbed into lasting memory that could be revealed to other users. Instead, the data functions more like temporary "working memory" used to generate responses within that specific interaction.
The study makes a crucial distinction between hallucination and data leakage, identifying hallucination as the more consistently observed issue. While platforms showed no evidence of exposing one user's information to another, they did demonstrate varying levels of generating confident but fabricated facts. This distinction is significant for risk assessment, as it shifts focus from privacy concerns to accuracy verification requirements.
For researchers and fact-checkers, the findings highlight an important limitation: large language models do not "learn" from corrections provided in previous conversations. If a model contains errors in its underlying training data, it may persist in repeating those mistakes unless retrained or provided with correct sources anew. This underscores the need for ongoing verification of AI-generated content, particularly in contexts where accuracy is paramount.
