ChatGPT Data Leakage via Shared Conversations

Incident Overview

Publicly shared ChatGPT conversation links have been indexed by Google and other search engines, making them discoverable via web searches.

Details of the Incident

OpenAI's "Share" feature allows users to generate public URLs of ChatGPT conversations. Many personnel at companies have used these links to collaborate internally, assuming they were private or unlisted. However, because these links were not excluded from search engine indexing, potentially sensitive content became publicly searchable.

Affected Entities

Anyone who shared ChatGPT conversations via public links — particularly for internal collaboration — may have inadvertently exposed sensitive prompts, business logic, intellectual property, or personally identifiable information.

Attribution and Motivation

This is a platform design oversight compounded by user behavior and misunderstanding of what "public" entails. This is not a traditional cyberattack but rather an emerging data governance risk inherent in the way AI tools handle sharing and collaboration.

Recommended Actions

• Search for indexed content under site:chat.openai.com/share using internal project names, code words, or company identifiers. If exposure is found, request removal through Google Search Console.
• Avoid using public ChatGPT links for collaboration. Instead, adopt internal tools with access controls or use AI platforms that support authenticated, private collaboration.
• Update internal AI usage policies to prohibit public link sharing for work-related content and provide clear guidance on approved tools and workflows.

This briefing is part of Exposure Security's ongoing executive intelligence series. For questions about how this applies to your organization specifically, contact us.