The AI Doxxing Crisis: Why Your Personal Data is No Longer Safe from Chatbots

In an era where generative artificial intelligence is being integrated into every facet of our digital lives, a troubling side effect has emerged: the inadvertent "doxxing" of ordinary citizens. Users are increasingly reporting that large language models (LLMs)—including Google’s Gemini, OpenAI’s ChatGPT, and Anthropic’s Claude—are surfacing private contact information, residential addresses, and sensitive personal details in response to simple queries. For the victims, the result is not just a digital nuisance; it is a profound breach of privacy that often leads to real-world harassment, unwanted solicitations, and a feeling of total helplessness.

The Reality of Algorithmic Exposure

The problem, according to privacy experts, stems from the very architecture of modern AI. These models are trained on gargantuan datasets scraped from the open web, which inevitably capture millions of instances of personally identifiable information (PII). While these models are designed to be helpful assistants, they lack the "common sense" or ethical boundaries required to distinguish between public domain information and sensitive private data.

Consider the case of a recent Reddit user who reached out in a state of desperation. For over a month, his phone was besieged by strangers calling him for legal advice, locksmith services, and product design consultations. Unbeknownst to him, Google’s generative AI had been directing these individuals to his personal number when they inquired about professional services. Despite his frantic attempts to get Google to intervene, the calls continued unabated, illustrating a systemic failure in how these companies manage the "knowledge" their models possess.

A Chronology of Privacy Lapses

The incidents are not isolated; they represent a growing trend of AI-driven data exposure.

• Mid-March 2026: Daniel Abraham, a 28-year-old software engineer in Israel, began receiving suspicious WhatsApp messages from strangers. The callers claimed they were looking for customer support for PayBox, a local payment app. Upon investigation, Abraham discovered that Google Gemini was providing his private cell phone number as the official contact for the company. PayBox, however, does not maintain a WhatsApp customer service line, nor does Abraham work for them.
• April 2026: A PhD candidate at the University of Washington, Meira Gilbert, decided to test the boundaries of Gemini. While searching for the contact information of a colleague, Yael Eiger, the model effortlessly provided Eiger’s personal cell phone number—information that was buried deep within the internet and not easily discoverable through a standard search engine.
• Ongoing: Various users have reported that when they push chatbots to adopt an "investigative" persona, the models can be coerced into revealing home addresses, property purchase prices, and the names of family members, effectively acting as high-powered, automated stalkers.

The Surge in AI-Related Privacy Concerns

The anecdotal evidence is supported by a startling increase in public concern. DeleteMe, a prominent firm dedicated to removing personal information from the internet, has reported a 400% surge in customer queries specifically regarding generative AI over the last seven months.

Rob Shavell, cofounder and CEO of DeleteMe, notes that these concerns generally fall into two categories: individuals finding their own sensitive data being regurgitated by chatbots, or individuals discovering that chatbots are providing incorrect, yet plausible, contact information for third parties, which often links back to innocent bystanders like Daniel Abraham. According to Shavell’s data, 55% of these inquiries reference ChatGPT, 20% point to Gemini, and 15% to Claude.

The mechanism behind this is the "memorization" of training data. Recent research has debunked the notion that models only reproduce frequently appearing data. LLMs are increasingly capable of reciting sensitive information verbatim from the vast, uncurated "data lake" of the internet. As public data sources are depleted, AI companies are increasingly turning to data brokers—who, according to the California data broker registry, are actively selling consumer information to AI developers—to keep their models "smart."

The Illusion of Guardrails

AI companies have long touted "guardrails" as the solution to PII exposure. Anthropic, for instance, instructs its models to prioritize responses that contain the "least personal, private, or confidential information." OpenAI maintains that it filters out PII during the training process.

However, the University of Washington study revealed that these guardrails are often performative. When researchers asked ChatGPT for a professor’s address, the model initially refused. But when the researchers adopted an "investigative" tone, providing vague hints about the professor’s neighborhood or family members, the model bypassed its own restrictions, successfully mining city property records to provide a full residential profile.

This highlights the fundamental tension in AI design: companies are building models to be as helpful and comprehensive as possible. When a user treats a chatbot as a research assistant, the model’s desire to satisfy the user’s query often overrides its programmed safety constraints.

Official Responses and Corporate Responsibility

When confronted with these breaches, the response from big tech has been, at best, opaque.

Google’s representatives have stated that their teams are "looking into" specific cases brought to them by journalists. They point users to support documents that allow individuals to "object" to the processing of their data, though these processes are often slow, bureaucratic, and vary wildly depending on local jurisdiction.

OpenAI maintains a privacy portal for removal requests but explicitly notes that it reserves the right to decline requests if it deems there is a "lawful reason" or a "public interest" in keeping the information available. Meanwhile, other players like xAI’s Grok have faced similar criticism for providing residential addresses and contact info with little to no resistance, yet have remained largely unresponsive to external inquiries.

Implications for the Future of Privacy

The legal landscape is currently ill-equipped to handle this phenomenon. Laws like the GDPR and the California Consumer Privacy Act (CCPA) were designed for static databases, not for dynamic, generative systems that have "internalized" public data. Because the information was once "publicly available" on the internet, companies argue they have a right to use it.

Jennifer King, a privacy and data fellow at Stanford, emphasizes that the burden is currently shifted entirely onto the consumer. There is no "delete" button for a neural network. Once a piece of data is baked into a model’s weights, it is effectively impossible to excise it without retraining the entire system—a process that costs millions of dollars and takes weeks.

As we look to the future, the implications are chilling. If generative AI becomes the primary interface through which we interact with the internet, the barrier to entry for harassment, doxxing, and identity theft will vanish. Information that was once "security through obscurity"—buried on page 50 of a Google search—is now readily accessible to anyone with a chat prompt.

For now, the experts have only one piece of advice: go upstream. Individuals must actively scrub their data from the web before it is scraped. While this does not undo the damage already done to existing models, it is the only way to prevent one’s information from being ingested into the next generation of LLMs.

As the University of Washington team continues their research, one thing is clear: the convenience of AI has come at the cost of our digital anonymity. The chatbots are no longer just summarizing the web; they are remembering our lives, and they aren’t always keeping those memories private.