Are chatbots safe? What to know before you share anything
Chatbots have become ubiquitous across the internet. They answer customer service questions, help with complex questions, streamline tasks at work, and assist with everything from writing emails to filing taxes. However, as these tools become more woven into everyone’s daily life, it’s important to ask whether they’re safe to use.
The short answer is that it depends on various factors, such as the provider of the chatbot, what information you’re sharing with it, and whether your chats are used as training data for AI models. This article explores the benefits of AI chatbots, the risks to watch out for, and what you shouldn’t share so you can use these tools without putting yourself at unnecessary risk.
Understanding the risks of chatbots
Chatbots collect, store, and, in many cases, use your conversation data. Before you type anything into a chat window, it helps to know what can go wrong.
Data breaches and privacy violations
Your conversations with chatbots are typically stored, and that stored data could become a target. In 2025, a flaw in the McDonald's AI recruitment chatbot McHire allowed researchers to access data from over 64 million job applicants because administrator access was gated behind the default password of "123456."
Additionally, Concentric AI’s 2H 2025 Data Risk Report found that, across its customer sample, Microsoft Copilot accessed an average of almost three million sensitive data records per organization during the first half of 2025, meaning a breach could potentially have catastrophic privacy consequences.
Use of personal information
Many major AI chatbots operate on opt-out privacy systems by default, meaning your conversations and any personal information within them get stored and used to train the model unless you explicitly choose not to. What’s more, the opt-out option is sometimes hard to find and might not be labeled intuitively. Many users aren’t even aware that their information is stored.
Overall, it’s important to know that when you input sensitive personal information into a chatbot, it may be retained, reviewed by human moderators, or used to train future models.

Scams, phishing, and fake chatbots
Criminals can create fake chatbots that impersonate customer support agents, financial institutions, retailers, or other trusted organizations in an attempt to steal personal information, login credentials, or payment details.
AI-powered chatbots are also making phishing and social engineering scams more convincing. Instead of relying on generic messages, scammers can use chatbots to generate realistic conversations, answer victims' questions in real time, and tailor their tactics to specific targets.
Inaccurate or misleading responses
Among the major concerns with AI chatbots is that their answers aren’t always accurate, and they often generate plausible-sounding but factually incorrect information and present it with complete confidence. These responses are known as AI hallucinations.
Someone who isn’t familiar with the information being presented may assume it’s correct, which can be especially dangerous if it involves legal or medical advice, for example. This is why it’s always important to be cautious instead of trusting AI answers completely.
Common chatbot vulnerabilities
Beyond data collection practices and user behavior, a risk with using chatbots is that they may have inherent vulnerabilities if they aren’t well-built and maintained. The key ones are listed below.
Insufficient encryption
A failure to implement proper encryption for data in transit or at rest can leave user conversations vulnerable to interception.
A noteworthy example of this was when cybersecurity researchers exposed a major flaw where OpenAI's official ChatGPT app for macOS was initially storing local user chat histories as unencrypted plain text on Apple computers, bypassing standard app sandboxing protections. Since sandboxing is among the key ways macOS maintains security, this left users’ chat histories vulnerable to any malicious processes on the system. Once discovered, the vulnerability was swiftly fixed by OpenAI.
Insufficient authentication
If chatbot administrative dashboards lack strong access controls like multi-factor authentication (MFA), a single compromised account can give an attacker access to large amounts of user data. The clearest example of this is the aforementioned McHire chatbot.
Poor data storage practices
Some platforms retain conversation data far longer than necessary or store it in unsecured cloud environments. When proper data security isn’t configured, any outsider could potentially access unprotected user information.
This is the exact flaw that led to the massive exposure involving the Chat & Ask AI app, where a researcher easily accessed 300 million private user messages from over 25 million users due to a Google Firebase misconfiguration.
Read more: What is a prompt injection attack, and how can it be prevented?
What to never tell a chatbot that can store your input
It’s important to know what not to share with chatbots whose provider may have access to your conversations (which are many commonly used chatbots): here are some key things to avoid.
Passwords and login credentials
Never type a password, PIN, or security code into a chatbot. Legitimate services will never ask for them, and a chatbot that does should be treated with suspicion. If these credentials are exposed, attackers could use them to access your accounts, steal personal information, or bypass other security measures.
Financial details
Do not share bank account numbers, credit card details, tax identification numbers, or any other sensitive financial data with chatbots. In general, it’s fine to use a legitimate chatbot for general financial tips and guidance on money management, but you should avoid adding any potentially sensitive financial information to the conversation.
Medical and health information
A 2026 King’s College London Policy Institute report, based on a Focaldata survey of 2,093 UK adults, found that 15% of respondents had used AI chatbots for health advice instead of contacting a GP. Aside from the risk of chatbots sharing inaccurate health advice, there’s a significant privacy risk too, because conversations with AI chatbots aren’t generally private and legally protected the way conversations with healthcare professionals are.
Some people also use therapy or mental health chatbots for emotional support. While these tools may provide comfort or general guidance, they can also give inappropriate advice, reinforce unhealthy beliefs, or fail to recognize when a user needs professional help. These conversations also often involve highly sensitive personal information, so users should consider the privacy implications before sharing any mental health concerns with a chatbot.
Private company information
Employees who paste internal strategy documents, client data, source code, or unreleased product details into a chatbot that’s not private by design risk exposing it.
This is exactly what happened when Samsung's semiconductor division allowed engineers to use ChatGPT. Within weeks of granting access, employees had inadvertently leaked proprietary information to the platform on at least three separate occasions. The compromised data included sensitive source code, internal meeting recordings, and confidential hardware data.
Security features to look for in an AI chatbot
Reputable chatbot platforms have various security measures that help reduce the risks discussed above, and understanding these helps users know what to look for when choosing a chatbot.
Strong encryption standards and practices
AI-powered chatbots from established providers use HTTPS and encrypt data during transmission using Transport Layer Security (TLS), meaning all communications between your device and the chatbot are encrypted. They also provide encryption at rest using industry-standard 256-bit Advanced Encryption Standard (AES-256) encryption.
Security audits and compliance
Responsible chatbot providers conduct regular security audits and penetration testing to ensure their security standards are always up-to-date. Some, like OpenAI, also have bug bounty programs that reward white-hat hackers for ethical and good-faith security testing if they can discover any vulnerabilities within their systems.
Reputable AI chatbot platforms also comply with critical data protection regulations such as the General Data Protection Regulation (GDPR) and various others like System and Organization Controls 2 (SOC 2), SOC 3, and more. They typically maintain trust portals or trust centers, where users can review documentation and find out which regulations the chatbot is compliant with.
Content filters and abuse detection
Major AI providers include content moderation systems designed to block harmful outputs and detect unusual patterns of use, and they can even suspend accounts when suspicious activity is detected or users consistently violate usage policies or platform terms of service.
However, it’s important to remember that these filters are far from perfect. OpenAI, for example, acknowledged this in August 2025 when it stated that safeguards work more reliably in common, short exchanges and can degrade over longer interactions.
Essential precautions when using AI chatbots
Safe chatbot usage involves developing consistent habits that can reduce your exposure. Below are some of the key practices you should follow regardless of which chatbot you use.
Avoid personal data sharing
As discussed above, the most effective protection is limiting what you put in. Unless you’re using a private-by-design AI chatbot like ExpressAI, assume that anything you type into a chatbot could eventually be seen, stored, or used. That includes names, addresses, contact details, and anything that could be used to identify you or somebody else.
Understand user agreements
The terms you agree to when using a chatbot determine how your data is handled. Since many major chatbot platforms use opt-out systems by default, you’re sharing data for model training unless you actively change your settings.
It’s also worth skimming the relevant sections of your chatbot’s privacy policy before regular use, as this will help you know how much of your data is being stored and processed and for how long. Be cautious of any chatbot with a vague or nonexistent privacy policy, as it’s vital to have this information stated clearly to make an informed decision.
Check privacy settings
Locate the privacy settings in any chatbot you use regularly and understand what you’ve opted into. Opting out of conversation data being used for model training is possible on most platforms but requires navigating menus that many users never open. In some cases, the option won’t be directly labeled as model training; for instance, ChatGPT labels its model training option as “Improve the model for everyone.”
There are also other options like ChatGPT’s Temporary Chat, in which your conversation doesn’t get stored and isn’t used to train the model. However, even this mode has a disclaimer at the bottom stating a copy of your chat may be kept for up to 30 days for safety reasons.
Addressing ethical AI concerns
Beyond individual risk, there are broader ethical questions about how AI is built and governed that affect every user.
The role of transparency
Transparency is one of the biggest challenges in AI. AI systems make decisions or generate outputs in ways that are generally difficult for users to understand. A chatbot might summarize medical information, a hiring tool might rank job applicants, or a recommendation system might decide what content someone sees next, but the reasoning behind those results is often unclear.
This lack of visibility can make it harder to spot errors, bias, or manipulation. Users may not know what data was used to train a system, whether their own information is being collected, or whether an answer is based on reliable sources.
Accountability and human oversight
Another major ethical concern is accountability. When an AI system makes a mistake, it is not always obvious who is responsible: the developer, the company using it, the organization that supplied the data, or the person who relied on its output.
This matters because AI is increasingly being used in areas where mistakes can affect people’s rights, opportunities, safety, or finances. Human oversight helps reduce this risk, but the pressure to make AI systems profitable can conflict with the need for careful human oversight. Companies may be incentivized to automate decisions quickly, reduce staffing costs, or scale systems without adding the slower, more expensive layer of human review.
Accountability also means having clear ways to challenge or appeal AI-assisted decisions. Users should not be left with an automated outcome they cannot question, understand, or correct.
Environmental impact
Training and running advanced AI systems can require significant computing power. This consumes energy and may increase demand for data centers, cooling systems, and specialized hardware. While AI can also help improve efficiency in some industries, its environmental cost should not be ignored.
Companies developing AI are under growing pressure to measure and reduce the energy and resource demands of their systems. This can include using more efficient models, improving data center sustainability, and being transparent about environmental impact.
Incorporating ethical practices in AI
Building ethical AI means going beyond legal compliance and embedding safety, transparency, and privacy into the design of these systems from the ground up.
Responsible AI development
As AI is becoming more prevalent, frameworks have emerged to guide responsible development. A key example of this is the National Institute of Standards and Technology (NIST) AI Risk Management Framework, which provides organizations with a structured approach to identify, measure, and manage risks throughout the system's entire lifecycle.
A noteworthy part of this framework is its section on AI Risks and Trustworthiness, which defines trustworthy AI as that which helps safeguard human identity, includes concerns for quality and equity, is accountable and transparent, is secure against adverse events, and should not lead to a state in which human life, health, property, or the environment is endangered.
Privacy-preserving AI technologies
A key improvement in AI technologies is the advent of privacy-preserving AI technologies, which aim to provide users with reliable AI chatbots without exposing their data. One example of this is ExpressAI. ExpressAI has a privacy-first architecture that uses zero-knowledge end-to-end encryption (E2EE) to ensure only users can see their own data, and no conversations, prompts, or files are ever used for training models.
To add further confidence, ExpressAI has been independently audited by cybersecurity firm Cure53, which involved a full source code review, penetration testing, and analysis of its cryptography, key management, and the infrastructure supporting it. The audit concluded that ExpressAI meets all stated privacy objectives.
FAQ: Common questions about chatbot safety
Can a chatbot be hacked?
Should businesses let employees use AI chatbots?
What should you check before using a new chatbot?
Is it safer to use paid chatbots than free ones?
Can deleted chatbot conversations still be stored?
Take the first step to protect yourself online. Try ExpressVPN risk-free.
Get ExpressVPN