Your AI Tools Are Leaking More Than You Think
There's a version of AI privacy that people worry about and a version they don't. The one they worry about: what OpenAI and Anthropic do with your prompts. Whether they train on your data. Whether your conversations are stored.
There’s a version of AI privacy that people worry about and a version they don’t. The one they worry about: what OpenAI and Anthropic do with your prompts. Whether they train on your data. Whether your conversations are stored.
These are real concerns. But they’re downstream concerns. They describe what happens to your data after it arrives on someone else’s server.
The version most people don’t think about: what happens to your data before it gets there.
What the Journey Actually Looks Like
Take one interaction. You type a question into ChatGPT — something work-related, say a business strategy question or a chunk of client code — and hit enter.
Here’s what happens next:
Your browser wraps the request in TLS encryption. So the content is protected. But TLS has a limit: it encrypts the data, not the metadata about the data.
Your ISP sees that you’ve made a connection to api.openai.com. They see the size of the data you sent and received. They see the timestamp. They know you’re using ChatGPT, how often you use it, and approximately when you work. The content is hidden. The pattern is visible.
DNS queries — the lookup requests that translate “openai.com” into an IP address — are often unencrypted by default. Anyone on your network path can see which AI services you’re connecting to.
During the TLS handshake, there’s a field called SNI (Server Name Indication) that transmits the domain name before the encrypted connection is established. This is visible to your ISP and anyone who can see your traffic.
Your IP address goes out with every request. The AI company logs it. If they ever have a breach, your IP address is in the dump, linked to your usage history.
None of this is speculative. This is how standard internet infrastructure works.
Three Real Exposure Scenarios
Your ISP Building a Usage Profile
Your ISP knows which AI tools you use. They know when you use them and how much. With enough data, they can infer quite a bit — work schedules, productivity patterns, the kinds of tasks you outsource to AI.
In most countries, ISPs are legally required to retain traffic metadata. In some, they can sell it. Whether yours is doing anything with this data is unknowable from your end. The capability to do it exists.
Public Networks
Coffee shops, airports, hotel lobbies. Anyone on the same network with basic tools can see DNS requests, SNI data, and traffic volume patterns. The content of your prompts is encrypted. The record of which AI services you’re using, and when, is not.
This sounds minor until you think about specific scenarios. You’re at a conference, on the conference WiFi, actively using Claude during a negotiation. Another attendee on the same network can see that you’re hitting claude.ai continuously. They don’t see what you’re typing. They see that you’re running AI assistance in real time. That’s information they shouldn’t have.
IP-Linked Breaches
Major tech companies get breached. It happens regularly. OpenAI is not immune to this.
Every AI company logs IP addresses — that’s standard practice. If one of them suffers a significant breach, your IP address is in the exposed data, linked to your complete usage history on that platform.
Your IP address is the thread that connects your identity to everything you’ve ever done on that service. If an attacker combines your IP with breach data, they have a record of every prompt you’ve sent, every file you’ve uploaded, every conversation.
What a VPN Actually Fixes
A VPN wraps your entire connection in an encrypted tunnel between your device and a VPN server. Everything inside the tunnel — your DNS queries, your connections to AI services, the content and metadata of your traffic — is encrypted from your device outward.
For ISP surveillance: your ISP sees one connection to the VPN server. That’s it. They have no visibility into what’s inside the tunnel — no AI service names, no traffic volume breakdown, no usage timing.
For public network interception: a packet sniffer on the same network as you sees encrypted VPN traffic going to one IP address. Nothing readable. No AI service names. No connection patterns.
For IP-linked breaches: the AI company logs the IP address of the VPN server, not your device. If they’re breached, the IP in the exposed data leads to a VPN server in another country. Your real IP isn’t in the data.
What to Look for in a Privacy VPN for AI Use
Not all VPNs protect equally. For AI workflows specifically:
Verified no-logs policy. Every VPN claims they don’t log. Look for published third-party audit reports. If they can’t produce audits from reputable security firms, the claim is unverifiable.
RAM-only servers. Some VPNs run their servers entirely in RAM — nothing is written to disk. If a server is physically seized, there’s nothing to recover. Data that was never stored can’t be produced under a legal order.
DNS leak protection. A VPN with DNS leaks is worse than no VPN — it creates false confidence while your DNS queries still expose your browsing to your ISP. Check that DNS requests route through the encrypted tunnel.
Kill switch. If the VPN drops mid-session for any reason, a kill switch cuts all internet traffic until the connection restores. Without one, a dropped VPN connection leaks your real IP to every service you’re connected to, even briefly.
The VPN I use: NordVPN. Three separate independent audits of the no-logs policy. RAM-only infrastructure. Kill switch that actually works. 30-day money-back policy.
A Note on AI Company Privacy Policies
The argument goes: “ChatGPT has opt-out controls. Claude doesn’t train on Pro plan data. Why do I need more protection?”
Fair question. Those controls matter and you should use them.
But they govern what happens to your data after it reaches the AI company’s servers. They say nothing about the path between your device and those servers.
That path goes through your ISP’s infrastructure, through network routing hardware, through your local network. A privacy policy covers the destination. A VPN covers the journey.
What You’re Actually Sending
Worth being concrete about this.
People use AI tools for: business strategy and planning, proprietary code, client-facing documents, financial projections, medical questions, legal questions, personal relationship situations, career decisions.
This is not browser history. It’s the actual content of knowledge work. Sensitive in ways that most people don’t think about until they imagine it in the wrong hands.
In 2026, routing this traffic through an unprotected connection while being careful about privacy in other areas is an inconsistency worth closing.
The VPN That Keeps Your AI Workflow Running
Over 6,000 servers in 110+ countries. Clean IPs that bypass AI service blocks. Independently audited no-logs policy. 30-day money-back guarantee.
Get NordVPN — Save up to 72%