A new study reveals that ChatGPT, Claude, Grok, and Perplexity are leaking user data to third-party ad trackers.
When you type something into an AI chatbot, you probably assume the convo stays between you and the machine. But you're mistaken, and a new study details exactly who else is eavesdropping.
Researchers from IMDEA Networks Institute dropped findings on May 4, showing that all four major AI assistants — ChatGPT, Claude, Grok, and Perplexity — are quietly sharing data with third-party advertising and analytics services, including Meta, Google, and TikTok.
The project, called LeakyLM, identified over 13 embedded trackers in these platforms. None of them are disclosed to users in clear language.
Think of it this way: every time you open a chat, invisible software tools embedded in the web page communicate with ad networks — sending details about who you are, what page you’re on, and sometimes even what you’ve typed.
What’s really leaking
The most basic leak is the URL of your conversation, which is a web address pointing to a specific chat. Sounds harmless, right? The problem is that several platforms make these URLs publicly accessible by default, meaning anyone with the link can read your chat without logging in.
When these URLs are also sent to Meta or Google's ad systems, those companies gain the ability to access and read your chats.
“Leaking a URL is not just metadata — it can be equivalent to leaking the conversation itself,” researchers say.
Grok, Elon Musk's AI chatbot from xAI, is the most exposed. Guest conversations are public by default on the platform, and no login is required to read them. TikTok's tracker received not just URLs but the exact content of messages through what’s called Open Graph metadata, a standard used to generate preview images when you share a link. Basically, TikTok’s system got a screenshot of your conversation.
Claude (Anthropic) and ChatGPT (OpenAI) have stricter access controls — their chats aren’t public unless you decide to share them. But they still transmit conversation URLs and identifying data, like advertising cookies, to Meta and Google.
For Claude, this data goes to 11 advertising platforms via Anthropic's own servers, not through the browser, which is why an ad blocker won't stop it.
Perplexity removed its Meta tracker last month.
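As an added illustration (not code from the LeakyLM study), the Python sketch below scans a browser HAR capture for third-party requests that carry a conversation permalink in the query string, Referer header, or request body. The hosts, paths, and parameter names in the sample capture are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed HAR-style capture; every host, path and parameter is a placeholder.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://chat.example/api/conversation/3f9c2a",
                 "headers": []}},
    {"request": {"url": "https://pixel.ads.example/tr?ev=PageView"
                        "&dl=https%3A%2F%2Fchat.example%2Fshare%2F3f9c2a",
                 "headers": [{"name": "Cookie", "value": "_adid=abc123"}]}},
    {"request": {"url": "https://metrics.example/collect",
                 "headers": [{"name": "Referer",
                              "value": "https://chat.example/share/3f9c2a"}],
                 "postData": {"text": "{\"page\": \"home\"}"}}},
    {"request": {"url": "https://cdn.example/app.js", "headers": []}},
]}}


def is_third_party(host, first_party):
    """True when host is neither the first-party domain nor a subdomain of it."""
    return not (host == first_party or host.endswith("." + first_party))


def find_permalink_leaks(har, first_party, permalink):
    """Return one finding per third-party request that carries the permalink."""
    path = urlsplit(permalink).path  # trackers may receive host and path separately
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        parts = urlsplit(req["url"])
        host = parts.hostname or ""
        if not is_third_party(host, first_party):
            continue
        headers = {h["name"].lower(): h["value"] for h in req.get("headers", [])}
        places = {
            # parse_qsl percent-decodes values, so encoded permalinks still match
            "query": " ".join(v for _, v in parse_qsl(parts.query)),
            "referer": headers.get("referer", ""),
            "body": unquote(req.get("postData", {}).get("text", "")),
        }
        where = sorted(k for k, v in places.items() if permalink in v or path in v)
        if where:
            findings.append({"host": host, "where": where,
                             "cookie_sent": "cookie" in headers})
    return findings


if __name__ == "__main__":
    for f in find_permalink_leaks(SAMPLE_HAR, "chat.example",
                                  "https://chat.example/share/3f9c2a"):
        print(f)
```

A browser capture only shows client-side requests; data forwarded from a provider's own servers, as the study describes for Claude, will not appear in it.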
What can you do?
The study acknowledges that it did not prove that Meta or Google actually read anyone's chats. But the infrastructure for that exists, and the data is being transmitted.
“The studied LLMs offer privacy controls to limit conversation visibility, but they may mislead users into thinking stronger protections are in place than are actually applied,” researchers argue.
“Even though we don’t have evidence that the chats are being read by trackers, the spread of permalinks and, by extension, the ability to read them exists, and thus, the potential risk.”
This isn't the first time AI platforms have faced scrutiny over privacy. Claude recently started requiring government identity verification for new subscribers — a measure that sparked backlash from the same privacy-conscious users who had switched from ChatGPT due to surveillance concerns.
For now, practical measures are limited. In Grok, restrict conversation visibility in settings and explicitly revoke any links you've shared. In Claude, rejecting non-essential cookies at least disables Meta's Pixel. In Perplexity, set conversations to Private. In ChatGPT, rejecting cookies where possible reduces exposure, although Google Analytics still operates for free logged-in users.
Researchers plan to extend their analysis to Meta AI, Microsoft Copilot, and Google Gemini — which were excluded from this round because they operate both as AI providers and advertising companies simultaneously, complicating the threat model.
The findings were submitted to the Data Protection Authorities on April 13, 2026. xAI was notified on April 17. As of publication, no company had responded.
