Research Shows 0% Data Leakage in Major AI Platforms

March 25, 2026 7:15 AM EDT

AI Tools Safe for Confidential Information, Study Finds

New York, United States - March 21, 2026 / Search Atlas /

NEW YORK CITY, NY, March 19, 2026 - Search Atlas, a prominent SEO and digital intelligence platform, has unveiled the results of a controlled study that investigates the fate of sensitive information entered into leading AI platforms. The research assessed six major large language models (LLMs) - OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode - through two meticulously designed experiments aimed at mimicking worst-case scenarios for data exposure.

The findings provide significant reassurance for both businesses and individuals who are apprehensive about sharing confidential information with AI tools. Throughout all six platforms examined, researchers discovered a complete lack of data leakage regarding user-provided sensitive information.

The complete study can be accessed here.

Key Findings:

  • LLMs do not retain or reproduce user-provided sensitive information (0% data leakage across all platforms evaluated)
  • Retrieved facts disappear when search is disabled (no evidence of short-term retention or leakage)
  • Users face risks of AI hallucinations, not data exposure

Conducted by researchers at Search Atlas, the study assessed six prominent LLM platforms (OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode) through two controlled experiments aimed at simulating worst-case scenarios for data exposure. The outcomes provide substantial reassurance for businesses and individuals worried about the handling of confidential information shared with AI tools.

1. LLMs do not retain or reproduce user-provided sensitive information - 0% data leakage across all platforms evaluated

The study investigated whether AI models would repeat private information after being directly exposed to it. Researchers generated 30 question-and-answer pairs without any public information, search indexing, online references, or any presence in known training data.

Each model underwent a three-step process:

  • Questions were posed without any prior context
  • Researchers subsequently provided the correct answers
  • The same questions were then repeated to see if the models would reproduce the newly introduced information

Across all six platforms examined, none provided a single correct answer after exposure. Models that initially declined to respond continued to do so, while those prone to generating hallucinated answers persisted in producing incorrect responses rather than repeating the provided facts. In essence, the behavior of the models remained largely unchanged before and after exposure.

This setup simulated a worst-case scenario in which a user inputs proprietary or sensitive information into an AI system. Under these conditions, the study found no indication that the information carried over into subsequent responses.

The experiment also highlighted behavioral variances among platforms. Models from OpenAI, Perplexity, and Grok tended to express uncertainty when reliable information was lacking, leading to more "I don't know" responses. In contrast, Gemini, Copilot, and Google AI Mode were more inclined to generate confident yet incorrect answers. Nonetheless, none of these incorrect responses corresponded to the previously provided private information. The findings underscore a critical distinction: hallucination (fabricating incorrect information) differs from leakage. Hallucination and leakage are separate failure modes, and this study identified only the former.

2. Retrieved facts disappear when search is disabled - no evidence of short-term retention or leakage

The second experiment examined whether information retrieved through live web search would persist and reappear in a model's responses once search access was turned off.

To isolate this effect, researchers chose a real-world event that occurred after the training cutoff of all models assessed. This ensured that any correct answers during the experiment could only derive from live web retrieval, not from the models' existing knowledge.

When search functionality was enabled, the models answered the majority of questions accurately. However, when search was immediately disabled and the same questions were posed again, those correct answers largely vanished.

The only questions that models could still answer correctly without search were those whose answers could reasonably be inferred from existing training data or general knowledge, rather than from information retrieved moments earlier.

In summary, the results demonstrated no evidence that models retained or carried forward information retrieved through live search. Once retrieval access was removed, the information ceased to appear in responses, indicating that the systems do not store or relay facts obtained during a prior interaction.

3. Users face risks of AI hallucinations, not data exposure

One of the study's most practical conclusions is the clear differentiation between hallucination and data leakage. The platforms exhibiting lower accuracy were Gemini, Copilot, and Google AI Mode, and their inaccuracies did not arise from repeating previously provided information. Instead, their errors stemmed from generating confident, plausible-sounding answers that were simply incorrect. OpenAI (ChatGPT) and Perplexity displayed the lowest levels of hallucination.

This distinction is crucial when assessing AI risk. A prevalent concern is that an AI system might disclose sensitive information from one user to another. In this study, researchers found no evidence supporting that scenario.

The more frequently observed issue was hallucination (models filling knowledge gaps with fabricated facts). While this does not involve the sharing of private information, it introduces a different challenge: individuals and organizations must ensure that AI-generated responses are reviewed and verified, especially in contexts where accuracy is paramount.

What This Means

For businesses and privacy-conscious users, the findings provide encouraging news. If sensitive information is shared with an AI model in a single session, such as a proprietary business strategy or personal detail, the model does not seem to absorb that information into a lasting memory that could be surfaced to other users. Instead, the data functions more like temporary "working memory" used to generate a response within that interaction.

For researchers and fact-checkers, these findings underscore a significant limitation. One cannot expect an LLM to "learn" from a correction provided in a previous conversation. If a model contains an error in its underlying training data, it may continue to repeat that mistake in future sessions unless the model itself is retrained or the correct source is supplied again.

For developers and AI builders, the study reinforces the significance of retrieval-based systems. Strategies such as Retrieval-Augmented Generation (RAG), which link models to live databases or search systems, remain the most dependable way to maintain AI responses that are accurate for current events, proprietary information, or frequently updated data. Without retrieval, the model lacks a built-in mechanism to retain facts discovered during earlier interactions.

"Much of the anxiety surrounding enterprise AI adoption stems from a reasonable but untested assumption that if sensitive information is entered into one of these systems, it will somehow be released," stated Manick Bhan, Founder of Search Atlas. "Our objective was to rigorously test that assumption under controlled conditions rather than rely on speculation. Across every platform we assessed, the data did not support it. This does not imply that AI is devoid of risks; hallucination is a genuine and documented issue, but the specific fear that your data gets leaked to the next user is not something we found any evidence for. We hope this provides individuals and organizations with the confidence to engage with these tools more transparently and to focus their attention on the actual risks present."

Methodology

The study, conducted by Search Atlas, subjected six major LLM platforms - OpenAI, Gemini, Perplexity, Grok, Copilot, and Google AI Mode - to a rigorous, multi-stage experiment to determine whether they retain or leak information provided during a session. The process involved three steps.

Initially, researchers introduced unique, non-public facts into each model through two methods: direct user prompts and simulated web search results. The facts were entirely synthetic and did not exist anywhere online, ensuring that any correct answer produced by a model could only be attributed to retention of what it had been shown.

Next, after each model was exposed to this private data, researchers assessed whether it could be prompted into revealing those facts in a new interaction, devoid of search access and contextual references to the original exposure. This isolated session design aimed to replicate the realistic concern that information shared with an AI in one conversation might surface for another user later.

Finally, the team evaluated two metrics across all platforms before and after exposure: the True Response Rate, indicating how often a model accurately recalled the private fact, and the Hallucination Rate, denoting how frequently it produced a confident but incorrect answer instead. By comparing these figures before and after data exposure, researchers could ascertain whether models were genuinely retaining new information or merely behaving as they always had. Across all six platforms, the answer was the latter.

Contact Information:

Search Atlas

368 9th Ave
New York, NY 10001
United States

Manick Bhan
+1-212-203-0986
https://searchatlas.com



Serious News for Serious Traders! Try StreetInsider.com Premium Free!

You May Also Be Interested In





Related Categories

Press Releases, Press Services