Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Public LLM conversations: what the safety data actually shows


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10141
Topic starter  

TL;DR: Analysis of 13,455 publicly shared ChatGPT conversations found that 99.06% contained no policy violations, over 80% were educational, and only 0.94% included sensitive material, according to Knostic. The data suggests that visible AI use is shaped as much by human self-presentation and accountability as by model safeguards.

NHIMG editorial — based on content published by Knostic: LLMs data leakage detection and response analysis of public conversation safety

By the numbers:

Questions worth separating out

Q: How should security teams govern AI assistants that can access enterprise data?

A: Security teams should govern AI assistants through least privilege, explicit data-scoping, and auditability.

Q: Why do public LLM conversations understate enterprise AI risk?

A: Public conversations understate enterprise risk because users change behaviour when they know others may see the transcript.

Q: What breaks when AI access is governed only at the prompt layer?

A: Prompt-layer governance breaks when the model can still retrieve, summarise, or expose restricted data through connected systems.

Practitioner guidance

  • Map AI access paths to least privilege Inventory which AI chat, search, and retrieval systems can reach sensitive repositories, then reduce access to the minimum data sets required for each business use case.
  • Separate prompt safety from data access control Assess whether the model can refuse unsafe content while still retrieving restricted information.
  • Test private-use scenarios, not just public transcripts Run red-team exercises against internal AI workflows where users are not self-censoring.

What's in the full article

Knostic's full analysis covers the operational detail this post intentionally leaves for the source:

  • Methodology notes on how the 13,455 public conversations were sampled and reviewed.
  • The review rubric used to classify educational prompts, sensitive material, and jailbreak attempts.
  • Examples of rare outlier prompts that reveal model boundary behaviour in practice.
  • Additional discussion of why public visibility changes user behaviour and how that affects interpretation.

👉 Read Knostic's analysis of public LLM use, safety, and educational behavior →

Public LLM conversations: what the safety data actually shows?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Public AI safety is not the same as enterprise AI governance. The study shows that visible conversations are mostly educational and low risk, but that reflects user behaviour under observation rather than a complete risk model. Enterprise AI programs must govern both what users ask and what systems can access, because policy-compliant prompts can still expose restricted information through retrieval or sharing paths. The practitioner conclusion is that transcript safety is not a substitute for access governance.

A few things that frame the scale:

  • 33% of organisations report their AI agents have accessed inappropriate or sensitive data beyond their intended scope, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: How do organisations know whether AI data controls are actually working?

A: They know controls are working when AI systems cannot retrieve data outside approved scopes, and when access reviews show that connectors, service identities, and OAuth grants match current business need. The best signal is not just blocked prompts, but consistently bounded retrieval and auditable access paths.

👉 Read our full editorial: Public LLM use is mostly educational, not policy-breaking



   
ReplyQuote
Share: