SAN FRANCISCO—At RSAC 2026, Diana Freed, an assistant professor of computer and data science at Brown University, and PhD student Julio Poveda examined the growing use of AI chatbots by domestic violence survivors—while warning that these tools may do more harm than good. Rather than serving as safe confidants, the researchers said, chatbots can introduce serious risks that outweigh their benefits, potentially resulting in what Freed called "technology-facilitated harm," a theme she explored in both her talk and her work as a Microsoft Trustworthy AI Research Fellow.

Freed and Poveda opened by comparing the threats faced by survivors to insider risks in cybersecurity, arguing that AI systems must account for adversaries with intimate knowledge of a victim's life. In abusive situations, Poveda explained, the danger often comes from "an adversary that has a lot of knowledge on the target, or the victim, the survivor"—underscoring the need for a fundamentally different approach to privacy in AI tools.

The Privacy Illusion Behind "Safe" AI Chatbots

While it may be tempting to confide your personal plights in an AI since it's an uninvolved party that can reaffirm you and provide helpful resources in certain circumstances, these tools are ill-fitting substitutes for real, professional help. 

Poveda described how chatbots that are advertised as safe tools for domestic abuse survivors don’t have the safeguards in place to make them suitable for safe, secure messaging. He said, “In our analysis, it is unclear which technological controls they [AI chatbots] have in place to guarantee conversational confidentiality.”

He then drew attention to features that appear secure on the surface, but that are actually security theater. Many “Quick Exit” buttons on these bots take you to a neutral web page, such as Google, to hide their usage if an abuser were to walk into the room. However, these tools do little or nothing to clear recent browsing data, making it easy to expose the victim's recent activity. This simple lack of security, Poveda and Freed claim, can result in an escalation of abuse.

Most people probably wouldn’t scan their diary and upload it for the public to read—but that's essentially what can happen when you share sensitive, personal details with an AI chatbot. Information you provide may be used for analytics or training, and in some cases may be shared with third parties, such as advertisers. Chatbots aren't licensed healthcare professionals, and conversations with them aren't guaranteed to be private. In some situations, your data could even be used in ways that work against you. Data practices across AI companies can be unclear, and misuse may expose personal information, lead to targeted ads reflecting your conversations, or even result in full leaks of discussions in the event of a breach.

Audits of AI companies reveal that these threats aren’t just theoretical—the risk is real and growing as chatbots handle more and more sensitive data. Even AI chatbots built for domestic abuse survivors don’t adequately safeguard against common methods of browser fingerprinting, such as site trackers and cookies that can leak your information to third parties. Poveda and Freed conducted a series of audits of over 50 chatbots tailored for domestic violence survivors and found that every single one either tracked data via cookies or failed to properly mask browsing data after the session ended. Some even allowed users to export records of chats, which can be dangerous if the victim’s abuser monitors or has access to the email account used. 

For survivors of domestic abuse, this information being compromised could be deadly. All avenues of abuse must be considered, and AI systems are not equipped to handle current cyber threats to victims. Despite these risks, an increasing number of people in at-risk situations are reporting using chatbots for mental health purposes and even forming romantic ties with the tools.

Can AI Ever Be Safe for Survivors?

Current AI systems may be rife with privacy concerns and security flaws, but Freed emphasized that proactive changes can create a safer environment for users by “having direct and visible pathways to manage user data rather than having to search for controls.” She continued by stressing the importance of readable privacy policies, free of jargon, that clearly state how data is stored and for how long.

Freed concluded the presentation by returning to the need for privacy as a focus, not an afterthought. She argued that, “It is very important to go through a full risk assessment to understand the front end [chatbot interaction], and to know where the data is going.” Both a preventive approach for users and a keen focus on privacy from the creators of these chatbots are necessary to mitigate further abuse.