The LLM Disclosure Trap: Securing Sensitive Prompts through Legal, Technical, and Human-Centred Research

Project ID: 2531bd1651

(You will need this ID for your application)

Research Theme: Digital Security and Resilience

Research Area(s): Artificial Intelligence Technologies
Cybersecurity and Trusted Systems
Human-Computer Interaction

UCL Lead department: Computer Science

Department Website

Lead Supervisor: George Chalhoub

Project Summary:

The rise of AI chatbots has created a new kind of privacy risk: sensitive conversations that people assume to be private can in fact be retained, shared, or even subpoenaed. This PhD explores how these vulnerabilities arise and how they might be mitigated through better law, design, and governance.

The project focuses on what happens when people in high-trust professions such as law, medicine, and journalism use tools like ChatGPT to handle confidential material. It investigates how user assumptions, platform design, and data retention practices combine to expose personal or professional information. The student will carry out empirical research to document these risks, examine the legal and regulatory conditions under which prompts may be disclosed, and prototype an interactive “Prompt Disclosure Risk Simulator” that demonstrates to policymakers and designers how such exposure occurs.

The successful candidate will join UCL Interaction Centre (UCLIC) and work under the supervision of Dr George Chalhoub, whose research spans AI safety, cybersecurity, and human-centred design, with collaboration from experts in computer science, law, and policy. The student will be supported in developing an interdisciplinary skill set that includes qualitative and quantitative user research, AI auditing, and legal analysis.

Applicants should be interested in the societal impact of AI and the governance of emerging technologies. A background in computer science, HCI, psychology, law, or a related field would be suitable, and training will be provided to build cross-disciplinary competence. This project offers a unique opportunity to contribute to the growing field of AI safety and digital rights by addressing one of the most pressing questions of the decade: how to keep our conversations with machines truly private.