内容来源：https://www.technologyreview.com/2026/05/13/1137203/ai-chatbots-are-giving-out-peoples-real-phone-numbers/

内容总结：

谷歌AI聊天工具屡次泄露用户真实手机号，专家表示“防不胜防”

近期，多名用户反映谷歌旗下AI聊天工具“Gemini”在回复中错误地提供了他人的真实手机号码，引发广泛隐私担忧。有Reddit用户发帖称，他的手机在一个月内不断接到陌生人电话，对方声称在寻找律师、产品设计师或锁匠——这些来电均被Gemini错误指引所致。一名以色列软件开发者也在WhatsApp上被陌生人联系，原因是Gemini提供了错误的客服信息，其中包含他的私人号码。华盛顿大学一名博士生更在测试中让Gemini直接说出了同事的手机号。

专家指出，此类隐私泄露多因AI训练数据中包含个人身份信息（PII）所致。尽管具体机制尚不明确，但后果已相当严重——且目前几乎没有有效的阻止手段。一家协助用户从互联网删除个人信息的公司表示，近七个月来，关于生成式AI泄露隐私的客户咨询量激增400%，其中55%涉及ChatGPT，20%提及Gemini，15%涉及Claude。

分析认为，随着网络公开数据逐渐“枯竭”，AI公司越来越多地从数据经纪商等处获取训练资料，这进一步增加了PII泄露风险。尽管各公司都设置了“护栏”试图过滤敏感信息，但实际效果有限。例如，有用户反映，ChatGPT在最初拒绝提供某教授地址后，竟主动建议用户“缩小范围”以便挖掘更深层信息，最终成功获取了该教授的住址、购房价格及配偶姓名。

现有隐私法规如《加州消费者隐私法案》或欧盟《通用数据保护条例》通常不覆盖已被抓取并用于训练的公开信息。专家表示，消费者目前最好的办法是“从源头下手”，即赶在数据被抓取前主动从公开网络中删除个人信息。然而，这并不保证数据尚未被用于训练，也无法完全避免AI意外输出。

目前，谷歌、OpenAI等公司虽设有隐私申诉渠道，但处理效率低下，且是否真正移除数据仍取决于所在司法管辖区的法律。有用户反映，在提交删除请求后数周才得到回应，而骚扰电话仍未停止。部分研究人员已着手设计新项目，系统性地测试各类AI聊天工具究竟掌握了多少用户的私人信息，以及它们是否会“降低门槛”，让恶意分子更容易获取他人隐私。

中文翻译：

AI聊天机器人正在泄露人们的真实电话号码
用户报告称，谷歌AI暴露了他们的个人信息，而且似乎没有简单的办法阻止这种情况。

一位Reddit用户最近发帖称自己“急需帮助”：他说，大约一个月来，他的电话被“陌生人”打爆，这些人“正在找律师、产品设计师、锁匠”。来电者显然是被谷歌的生成式AI误导了。

今年3月，以色列的一名软件开发人员在WhatsApp上被联系，原因是谷歌的聊天机器人Gemini提供了错误的客户服务指引，其中包含了他的号码。

今年4月，华盛顿大学的一名博士生在摆弄Gemini时，AI竟吐出了她同事的个人手机号码。

AI研究人员和在线隐私专家长期以来一直警告，生成式AI对个人隐私构成了无数威胁。这些案例又给了我们一个需要担忧的场景：生成式AI暴露人们的真实电话号码。（这位Reddit用户未回应多次的置评请求，我们也无法独立核实他的经历。）

专家表示，这些隐私泄露问题很可能是由于训练数据中使用了个人身份信息（PII），尽管很难理解导致AI生成回复中出现真实电话号码的具体机制。但无论原因如何，结果对信息被泄露的人来说都不好受——更令人担忧的是，似乎几乎没有人能阻止这种情况。

与AI相关的隐私请求增加了400%

目前无法得知人们的电话号码被AI聊天机器人暴露的频率有多高，但专家表示，他们认为实际发生的情况远多于公开报道。

帮助客户从互联网上删除个人信息的公司DeleteMe表示，在过去七个月里，客户关于生成式AI的查询增加了400%，达到了数千个。该公司联合创始人兼首席执行官罗布·沙维尔说，这些查询“具体提到了ChatGPT、Claude、Gemini或其他生成式AI工具”。沙维尔表示，具体来看，其中55%涉及ChatGPT，20%涉及Gemini，15%涉及Claude，10%涉及其他AI工具。（《麻省理工科技评论》订阅了DeleteMe的企业服务。）

沙维尔说，客户关于个人信息被大语言模型曝光的投诉通常有两种形式：一种是“客户向聊天机器人询问关于自己的某个无害问题，却得到了准确的家庭住址、电话号码、家庭成员姓名或雇主信息”。另一种是，客户可能偶然发现并报告他人个人数据被曝光的情况，即“聊天机器人生成了看似合理但错误的联系方式”。

这与28岁的以色列软件工程师丹尼尔·亚伯拉罕的遭遇吻合。他说，3月中旬，一个陌生人从一个“未知号码”给他发了一条“奇怪的WhatsApp消息”，请求帮助解决他在以色列支付应用PayBox上的账户问题。

“我以为这是一条垃圾信息，”他在给《麻省理工科技评论》的电子邮件中写道——“有人在试图捉弄我。”

但当他问陌生人如何找到他的号码时，对方发来了一张Gemini指引截屏，上面写着通过WhatsApp联系PayBox客服——并提供了他的个人号码。亚伯拉罕不为PayBox工作，而PayBox客服代表埃拉德·加贝证实，该公司并没有WhatsApp客服号码。

后来，亚伯拉罕问Gemini如何联系PayBox，它又生成了另一个人的WhatsApp号码。当我最近尝试时，Gemini再次回复了一个以色列电话号码——这个号码不属于PayBox，而是属于一家与PayBox合作的独立信用卡公司。

亚伯拉罕与陌生人的交流很快就结束了，但他担心其他潜在的交流可能会迅速恶化，包括“骚扰或其他不良互动”。“如果我说要钱才能‘解决’那个（客服）问题呢？”他说。

为了弄清楚这是怎么发生的，亚伯拉罕在谷歌上常规搜索了自己的电话号码，发现它在2015年曾被分享到一个类似Quora的本地网站上。虽然他不确定是谁贴上去的，但这或许可以解释为什么十年后它会被Gemini重新生成。

像Gemini、OpenAI的ChatGPT和Anthropic的Claude这样的聊天机器人，都是基于从整个网络抓取的海量数据训练而成的大语言模型。这不可避免地包含了数以亿计的个人身份信息实例。例如，正如我们去年夏天报道的，用于训练图像生成模型的大型流行开源数据集DataComp CommonPool就包含了简历、驾照和信用卡的副本。

随着公共数据“枯竭”，AI公司寻找新的高质量训练数据来源，个人身份信息出现在AI训练数据中的可能性只会增加。这包括来自数据经纪商和人肉搜索网站的信息。例如，根据加州数据经纪商登记册，该州注册的578家数据经纪商中，有31家自称“在过去一年中曾将消费者数据分享或出售给生成式AI系统或模型的开发者”。

此外，众所周知，模型会从训练数据集中逐字记忆并重现数据——而最近的研究表明，并非只有频繁出现的数据才最容易被记忆。

不完美的措施

现在，在大语言模型设计中设置护栏以限制某些输出已成为标准做法，从旨在识别和阻止聊天机器人泄露个人身份信息的内容过滤器，到Anthropic给Claude的指令，要求其选择包含“属于他人的最少个人、私人或机密信息”的回复。

但正如华盛顿大学两名研究隐私与技术的博士生最近亲眼所见，这些保护措施并不总是奏效。

“有一天，我正在Gemini上随便玩，我搜了一下我的朋友兼合作者亚埃尔·艾格，”梅拉·吉尔伯特说。她输入了“亚埃尔·艾格联系方式”，Gemini提供了艾格的研究概述，这在她意料之中，但Gemini还返回了她朋友的个人电话号码。“这太令人震惊了，”吉尔伯特说。

当艾格看到Gemini的结果时，她想起自己确实在去年为了一个技术研讨会而在网上分享了电话号码。但她没想到这会如此容易被互联网上的所有人看到。

“让你的信息……只对特定受众可见，然后Gemini让它对任何人可见，”艾格说，这种感觉完全不同——尤其是当她发现这些信息在普通的谷歌搜索中其实埋藏得很深时。

“它被严重降权了，”吉尔伯特证实。“如果我只是浏览谷歌搜索结果，我永远不会找到它。”（本月初，我在Gemini中尝试了同样的提示，在最初被拒绝后，该工具也给了我艾格的号码。）

这次经历后，艾格、吉尔伯特和另一位华盛顿大学博士生安娜-玛丽亚·格奥尔基耶娃决定测试ChatGPT，看它会对一位教授透露什么信息。

起初，OpenAI的护栏起了作用，ChatGPT回复说该信息不可用。但在同一回复中，聊天机器人建议道：“如果你想深入挖掘，我仍然可以尝试一种更‘调查式’的方法。”它说，只需提供教授可能居住的“大致区域”，或者教授房产的“可能共同所有人姓名”，来帮助“缩小范围”。ChatGPT继续说：“这通常是找出更新或故意不那么显眼的房产记录的唯一方法。”

学生们提供了这些信息，ChatGPT随后从城市房产记录中给出了教授的家庭住址、购房价格和配偶姓名。

（OpenAI的代表塔亚·克里斯蒂安森表示，在没有看到截图或知道学生们测试的是哪个模型的情况下，她无法评论此案例的具体情况，尽管我们指出，许多用户可能不知道自己在ChatGPT界面中使用的是哪个模型。在回答关于个人身份信息泄露的问题时，她发送了描述OpenAI如何处理隐私问题的文件链接，包括过滤个人身份信息和其他工具。）

DeleteMe的沙维尔说，这揭示了聊天机器人的一个根本问题。AI公司“可以设置护栏，但（它们的聊天机器人）也被设计成高效且能回答客户问题”。

信息泄露问题不仅限于Gemini或ChatGPT。去年，Futurism发现，如果你用“[姓名] 地址”提示xAI的聊天机器人Grok，在几乎所有情况下，它不仅会提供住宅地址，还会经常提供此人的电话号码、工作地址，以及姓名相似者的地址。（xAI未回应置评请求。）

没有明确答案

这个问题没有简单的解决办法——既没有简单的方法来验证某个人的个人信息是否在给定模型的训练集中，也无法强制模型删除个人身份信息。

斯坦福大学以人为本人工智能研究所的隐私和数据研究员詹妮弗·金说，理想情况下，个人消费者应该能够要求删除其个人身份信息。但金解释说，这通常被解释为仅适用于用户直接提供给公司的数据——比如当他们与聊天机器人互动时。

“我不知道谷歌是否有这样的基础设施……可以对我说‘是的，我们在训练数据中有你的数据，我们可以总结我们所知道的关于你的信息，然后我们可以删除或纠正错误的信息或你不希望存在于其中的内容’，”她说。

现有的隐私立法，如《加州消费者隐私法案》或欧洲的《通用数据保护条例》，并未涵盖已经抓取并用于训练大语言模型的“公开可用”信息，特别是因为这些信息中有很大一部分是匿名的（尽管多项研究也表明，从匿名和假名数据中推断身份和个人身份信息是多么容易）。

至于“它们（AI公司）是否曾经系统地尝试追溯已从公共互联网收集的数据并减少这类信息？”金补充道：“不清楚。”

次优的解决方案是，这些公司“删除所有人的电话号码或所有类似（电话号码）的数据”，金说，但“没有人愿意承认”他们在这么做。

托管开源数据集和AI模型的平台Hugging Face提供了一个工具，允许人们搜索某一条数据——比如他们的电话号码——在开源的大语言模型训练数据集中出现的频率，但这并不一定代表那些驱动着流行聊天机器人（如Claude、ChatGPT和Gemini）的封闭大语言模型使用了哪些数据进行训练。（例如，艾格的号码并未出现在Hugging Face的工具中。）

Gemini应用和谷歌实验室的传播负责人亚历克斯·约瑟夫没有回答具体问题，但表示“团队”正在“调查”《麻省理工科技评论》指出的特定案例。他还提供了一个支持文档的链接，其中描述了用户如何“反对处理你的个人数据”或“要求更正Gemini Apps回复中不准确的个人数据”。该页面指出，公司的回应将取决于你所在司法管辖区的隐私法律。

OpenAI有一个隐私门户，允许人们提交请求，要求从其ChatGPT回复中删除个人信息，但指出它会在隐私请求与公共利益之间取得平衡，“如果我们有合法的理由，可能会拒绝请求”。

Anthropic描述了其在模型训练中如何使用个人数据，但没有明确途径供人们要求删除。该公司未回应置评请求。

对于任何希望保护自己私人数据的人来说，目前的最佳选择是“从上游着手：在个人数据被下次抓取之前，将其从公共网络上清除，”沙维尔说。例如，自今年年初以来，加州已为其居民提供了一个网络门户，要求数据经纪商删除他们的信息。尽管如此，这并不能保证你的数据尚未被用于训练——因此不会出现在聊天机器人的回复中。

那位遭受持续电话骚扰的Reddit用户发帖称，他“已向谷歌提交了正式的合法删除/隐私请求，要求他们紧急将我的号码从其大语言模型输出中屏蔽”，但尚未收到回复。他上个月还写道，“骚扰每天都在继续”。

以色列软件开发者亚伯拉罕说，他在3月17日，即其电话号码被泄露的第二天，联系了谷歌的客户服务。他说直到5月4日才收到回复，而回复只是要求提供他已经提交过的文件。

与此同时，受到自己在Gemini上信息被泄露的启发，艾格与吉尔伯特和格奥尔基耶娃正在设计一个研究项目，以进一步了解各种AI聊天机器人正在泄露哪些个人信息——以及它们可能知道什么，即使它们没有告诉我们。

其中一些信息“从技术上讲可能是公开的，”吉尔伯特说，但聊天机器人可能改变了“你为找到它而需要付出的努力”。现在，无需搜索10页谷歌搜索结果，或从数据经纪商网站付费获取信息，“生成式AI是否只是降低了针对个人的门槛？”

（本文已更新以澄清OpenAI的回应。）

深入探索
人工智能
OpenAI正全力打造一个完全自动化的研究员
与OpenAI首席科学家雅各布·帕乔基的独家对话，探讨其公司的新宏伟挑战与AI的未来。

想了解人工智能的当前状态？请看这些图表。
根据斯坦福2026年AI指数，AI正在飞速发展，而我们正努力追赶。

马斯克诉奥特曼第一周：埃隆·马斯克称自己受骗，警告AI可能杀死我们所有人，并承认xAI提炼了OpenAI的模型
马斯克保持了冷静，而OpenAI的律师则用尖锐问题抨击他起诉公司的动机。

当前AI领域最重要的10件事
《麻省理工科技评论》对2026年AI领域10项技术、新兴趋势、大胆创意和强大运动的权威概述。

保持联系
获取来自《麻省理工科技评论》的最新更新
发现特别优惠、头条新闻、即将举办的活动等更多内容。

英文来源：

AI chatbots are giving out people’s real phone numbers
People report that their personal contact info was surfaced by Google AI—and there’s apparently no easy way to prevent it.
People report that their personal contact info was surfaced by Google AI—and there’s apparently no easy way to prevent it.
A Redditor recently wrote that he was “desperate for help”: for about a month, he said, his phone had been inundated by calls from “strangers” who were “looking for a lawyer, a product designer, a locksmith.” Callers were apparently misdirected by Google’s generative AI.
In March, a software developer in Israel was contacted on WhatsApp after Google’s chatbot Gemini provided incorrect customer service instructions that included his number.
And in April, a PhD candidate at the University of Washington was messing around on Gemini and got it to cough up her colleague’s personal cell phone number.
AI researchers and online privacy experts have long warned of the myriad dangers generative AI poses for personal privacy. These cases give us yet another scenario to worry about: generative AI exposing people’s real phone numbers. (The Redditor did not respond to multiple requests for comment and we could not independently verify his story.)
Experts say that these privacy lapses are most likely due to personally identifiable information (PII) being used in training data, though it’s hard to understand the exact mechanism causing real phone numbers to show up in the AI-generated responses. But no matter the reason, the result is not fun for people on the receiving end—and, even more worryingly, there appears to be little that anyone can do to stop it.
A 400% increase in AI-related privacy requests
It’s impossible to know how often people’s phone numbers are exposed by AI chatbots, but experts say they believe that it is happening far more than is reported publicly.
DeleteMe, a company that helps customers remove their personal information from the internet, says customer queries about generative AI have increased by 400%—up to a few thousand—in the last seven months. These queries “specifically reference ChatGPT, Claude, Gemini … or other generative AI tools,” says Rob Shavell, the company’s cofounder and CEO. Specifically, 55% of these concerns about generative AI reference ChatGPT, 20% reference Gemini, 15% Claude, and 10% other AI tools, Shavell says. (MIT Technology Review has a business subscription to DeleteMe.)
Shavell says customer complaints about personal information being surfaced by LLMs usually take two forms: Either “a customer asks a chatbot something innocuous about themselves and gets back accurate home addresses, phone numbers, family members’ names, or employer details.” Alternatively, a customer may be confronted with and report the exposure of someone else’s personal data, when “the chatbot generates plausible-but-wrong contact information.”
This aligns with what happened to Daniel Abraham, a 28-year-old software engineer in Israel. In mid-March, he says, a stranger sent him a “weird WhatsApp message from an unknown number” asking for help with his account in PayBox, an Israeli payment app.
“I thought it was a spam message,” he wrote to MIT Technology Review in an email—“someone who was trying to troll me.”
But when he asked the stranger how they had found his number, they sent him a screenshot of Gemini’s instructions to contact PayBox customer service via WhatsApp—giving his personal number. Abraham does not work for PayBox, and PayBox does not have a WhatsApp customer service number, Elad Gabay, a customer service representative for the company, confirmed.
Later, Abraham asked Gemini how to contact PayBox, and it generated another person’s WhatsApp number. When I recently asked, Gemini again responded with an Israeli phone number—it belonged not to PayBox, but to a separate credit card company that works with PayBox.
Abraham’s exchange with the stranger ended quickly, but he said he was concerned about how other potential exchanges could quickly turn sour, including “harassment or other bad interactions.” “What if I asked for money in order to ‘solve’ that [customer service] issue?” he said.
To try to figure out how this happened, Abraham ran a regular Google search on his phone number, and he found that it had been shared online once, back in 2015, on a local site similar to Quora. Though he’s not sure who posted it there, it may explain how it ended up being reproduced by Gemini over a decade later.
Chatbots like Gemini, Open AI’s ChatGPT, and Anthropic’s Claude are built on LLMs that are trained on huge amounts of data scraped from across the web. This inevitably includes hundreds of millions of instances of PII. As we reported last summer, for example, the large popular open-source data set DataComp CommonPool, which has been used to train image-generation models, included copies of résumés, driver’s licenses, and credit cards.
The likelihood of PII appearing in AI training data is only increasing as public data “runs out” and AI companies look for new sources of high-quality training data. This includes information from data brokers and people-search websites. According to the California data broker registry, for instance, 31 of 578 registered data brokers operating in the state self-reported that they had “shared or sold consumers’ data to a developer of a GenAI system or model in the past year.”
Furthermore, models are known to memorize and reproduce data verbatim from training data sets—and recent research suggests that it is not just frequently appearing data that is most likely to be memorized.
Imperfect Measures
It’s standard practice now to build guardrails into an LLM’s design to constrain certain outputs, ranging from content filters meant to identify and prevent chatbots from releasing PII to Anthropic’s instructions to Claude to choose responses that contain “the least personal, private, or confidential information belonging to others.”
But as a pair of University of Washington PhD students researching privacy and technology saw firsthand recently, these safeguards don’t always work.
“One day, I was just playing around on Gemini, and I searched for Yael Eiger, my friend and collaborator,” Meira Gilbert says. She typed in “Yael Eiger contact info,” and after Gemini provided an overview of Eiger’s research, which Gilbert had expected, Gemini also returned her friend’s personal phone number. “It was shocking,” Gilbert says.
When she saw the Gemini result, Eiger remembered that she had, in fact, shared her phone number online in the previous year, for a technology workshop. But she had not expected it to be so visible to everyone on the internet.
“Having your information be … accessible to one audience, and then Gemini making it accessible to anyone” feels completely different, Eiger says—especially when she found that the information was buried in a normal Google search.
“It was severely downgraded,” Gilbert confirms. “I never would have found it if I was just looking through Google results.” (I tried the same prompt in Gemini earlier this month, and after an initial denial, the tool also gave me Eiger’s number.)
After this experience, Eiger, Gilbert, and another UW PhD student, Anna-Maria Gueorguieva, decided to test ChatGPT to see what it would surface about a professor.
At first, OpenAI’s guardrails kicked in, and ChatGPT responded that the information was unavailable. But in the same response, the chatbot suggested, “if you want to go deeper, I can still try a more ‘investigative-style’ approach.” Their inquiry just had to help “narrow things down,” ChatGPT said, by providing “a neighborhood guess” for where the professor might live, or “a possible co-owner name” for the professor’s home. ChatGPT continued: “That’s usually the only way to surface newer or intentionally less-visible property records.”
The students provided this information, leading ChatGPT to produce the professor’s home address, home purchase price, and spouse’s name from city property records.
(Taya Christianson, an OpenAI representative, said she was not able to comment on what happened in this case without seeing screenshots or knowing which model the students had tested, though we pointed out that many users may not know which model they were using in the ChatGPT interface. In response to questions about the exposure of PII, she sent links to documents describing how OpenAI handles privacy, including filtering out PII, and other tools.)
This reveals one of the fundamental problems with chatbots, says DeleteMe’s Shavell. AI companies “can build in guardrails, but [their chatbots] are also designed to be effective and to answer customer questions.”
The exposure issue is not limited to Gemini or ChatGPT. Last year, Futurism found that if you prompted xAI’s chatbot Grok with “[name] address,” in almost all cases, it provided not only residential addresses but also often the person’s phone numbers, work addresses, and addresses for people with similar-sounding names. (xAI did not respond to a request for comment.)
No clear answers
There aren’t straightforward solutions to this problem—there’s no easy way to either verify whether someone’s personal information is in a given model’s training set or to compel the models to remove PII.
Ideally, individual consumers should be able to request that their PII be removed, says Jennifer King, the privacy and data fellow at Stanford University Institute for Human-Centered Artificial Intelligence. But this is typically interpreted to apply only to the data that people have directly given to companies—like when they interact with a chatbot, King explains.
“I don’t know if Google even has the infrastructure … to say to me, ‘Yes, we have your data in our training data, we can summarize what we know about you, and then we can delete or correct things that are wrong or things that you don't want in there,’” she says.
Existing privacy legislation, like the California Consumer Privacy Act or Europe’s GDPR, does not cover the “publicly available” information that has already been scraped and used to train LLMs, especially since much of this is anonymized (though multiple studies have also shown how easy it is to infer identities and PII from anonymized and pseudonymous data).
As to “whether they [AI companies] have ever systematically tried to go back through data that had already been collected from the public internet and minimized that stuff?” King adds. “No idea.”
The next best solution would be that the companies are “taking out everybody’s phone numbers or all data that resembles [phone numbers],” King says, but “nobody’s been willing to say” they’re doing that.
Hugging Face, a platform that hosts open-source data sets and AI models, has a tool that allows people to search how often a piece of data—like their phone number—has appeared in open-source LLM training data sets, but this does not necessarily represent what has been used to train closed LLMs that power popular chatbots like Claude, ChatGPT, and Gemini. (Eiger’s number, for example, did not show up in Hugging Face’s tool.)
Alex Joseph, the head of communications for Gemini apps and Google Labs, did not respond to specific questions, but he said that “the team” is “looking into” the particular cases flagged by MIT Technology Review. He also provided a link to a support document that describes how users can “object to the processing of your personal data” or “ask for inaccurate personal data in Gemini Apps’ responses to be corrected.” The page notes that the company’s response will depend on the privacy laws of your jurisdiction.
OpenAI has a privacy portal that allows people to submit requests to remove their personal information from ChatGPT responses, but notes that it balances privacy requests with the public interest and “may decline a request if we have a lawful reason for doing so.”
Anthropic describes how it uses personal data in model training, but it does not have a clear way for people to request its removal. The company did not respond to a request for comment.
The best option for anyone who wants to protect their private data right now is to “start upstream: get personal data off the public web before it ends up in the next scrape,” says Shavell. Since the start of the year, for instance, California has offered its residents a web portal to request that data brokers delete their information. Still, this doesn’t guarantee that your data hasn’t already been used for training—and will therefore not appear in a chatbot’s response.
The Redditor who received incessant calls posted that he had “submitted an official Legal Removal/Privacy Request to Google, asking them to urgently blacklist my number from their LLM outputs,” but had not yet received a response. He also wrote last month that “the harassment continues daily.”
Abraham, the Israeli software developer, says he contacted Google’s customer service on March 17, the day after his phone number was exposed. He says he did not receive a response until May 4, and it simply asked for documentation that he had already provided.
Meanwhile, inspired by her own exposure on Gemini, Eiger, along with Gilbert and Gueorguieva, is designing a research project to further study what personal information is being surfaced by various AI chatbots—and what they may know, even if they’re not telling us.
Some of that information may “technically be public,” says Gilbert, but chatbots may be altering “the amount of effort you would put into finding” it. Now instead of searching through 10 pages of Google search results, or paying for the information from a data broker site, “does generative AI just lower the barrier to entry to target people?”
This piece has been updated to clarify OpenAI's response.
Deep Dive
Artificial intelligence
OpenAI is throwing everything into building a fully automated researcher
An exclusive conversation with OpenAI’s chief scientist, Jakub Pachocki, about his firm's new grand challenge and the future of AI.
Want to understand the current state of AI? Check out these charts.
According to Stanford’s 2026 AI Index, AI is sprinting, and we’re struggling to keep up.
Musk v. Altman week 1: Elon Musk says he was duped, warns AI could kill us all, and admits that xAI distills OpenAI’s models
Musk kept his cool, and OpenAI’s lawyer bulldozed him with piercing questions about his motivations for suing the company.
10 Things That Matter in AI Right Now
MIT Technology Review's authoritative overview of the 10 technologies, emerging trends, bold ideas, and powerful movements in AI in 2026.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.