AI chatbots are giving out people’s real phone numbers

MIT Technology Review – AI(Global) 13 May 2026 62

LLM-based PII leakage is an emerging risk class agencies must account for when deploying or procuring AI tools that process personal information.

  • AI chatbots including Gemini and ChatGPT are exposing real personal phone numbers drawn from training data.
  • DeleteMe reports a 400% rise in customer queries specifically referencing generative AI tools exposing personal data.
  • PII leakage from LLMs is directly relevant to APS obligations under the Privacy Act and responsible AI policy.
  • Consider Agencies deploying or evaluating LLM-based tools could assess whether their privacy impact assessments adequately account for PII leakage from training data as a distinct risk vector.
  • Monitor OAIC and privacy-focused policy teams may want to monitor how regulators in other jurisdictions respond to this emerging class of AI-driven PII exposure, as it may prompt guidance updates.

Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.

View original source