Although AI chatbots use strong encryption to keep their conversations from leaking, a clever attacker can still nut out the sense of the conversation, as explained in Ars Electronica:

Researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

The article goes into detail about how the attack works – and what can be done to prevent it.

Read it here.