AI users are increasingly uploading photos to ask about medical issues, identify plants, or edit professional profiles. However, experts warn that images contain more sensitive information than users think.
Jacob Hoffman-Andrews (EFF) advises against uploading photos that you want to keep absolutely private. AI chatbots are like iCloud or Google Photos, but with higher risk, because there is both the risk of hacking and the possibility that company employees access the data to monitor how well the AI performs (human-in-the-loop).
Images carry metadata (location, time taken) and can reveal where you live, your habits, or details of the surroundings (documents or credit cards that accidentally appear in the frame). If the metadata is not stripped, AI companies end up holding a huge trove of data.
Some policies: Microsoft and Anthropic do not train on images; OpenAI trains by default unless the user opts out; Meta does not let U.S. users opt out. This leads to inconsistency and easily causes confusion.
Real-world example: Meta was found to have publicly posted users' chats along with their personal photos because of complicated default settings.
Images at high risk of being "memorized" by AI include: images that appear many times online (for example "Afghan Girl"), images with rare features, and clear face photos used for avatar creation and professional headshots. AI can generate a near-identical image, revealing biometric identifying features.
Steps to reduce exposure: review platform defaults, turn off chat history, avoid uploading images that contain addresses or sensitive data, and don't share images you don't want exposed.
Long-term risk: data may be reused for other purposes as AI technology and business strategies change. Sarah Myers West (AI Now Institute) stresses that photos uploaded today may "live much longer" than expected.
📌 Uploading photos to ChatGPT and other AI chatbots can lead to exposure of sensitive data, from metadata and surroundings to biometrics. Companies' image-handling policies are not uniform: Microsoft and Anthropic restrict, OpenAI trains by default, Meta lacks an option. Users need to be careful: turn off history, don't upload images containing personal information, and understand that uploaded images may persist and be reused in the future.
https://www.wsj.com/tech/ai/chatgpt-photos-safety-83dd9b5b
Is It Safe to Upload Your Photos to ChatGPT?
AI users assume a certain level of privacy. That could be a dangerous assumption.
Jon Krause
By Jackie Snow
Sept. 3, 2025 5:00 pm ET
People are increasingly turning to AI chatbots not just for written queries, but for visual ones—uploading photos to identify a rash, spot a plant in the backyard or edit a headshot for LinkedIn.
But as image-based interactions with artificial intelligence become more common, privacy experts say users might be sharing more than they realize.
AI companies often frame image uploads as temporary inputs. What happens to those images after that interaction ends, however, can be far more unclear. There are risks in uploading images to AI, due to technical vulnerabilities, inconsistent and unclear policies from AI companies, and the unknown uses down the line.
“It’s important to avoid uploading photos that you want to make sure nobody but you ever looks at,” says Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation, a digital-rights advocacy group. But the reality is that too many AI users (just like internet users) assume a certain level of privacy that actually might not be there.
More than what you see
Hoffman-Andrews says users should think of AI chatbots as another place where your images live, similar to iCloud or Google Photos, but with additional risks. The most basic of those risks is security. Like those other places, AI chatbots can be hacked and user accounts can be compromised.
But it’s about more than that. The AI companies themselves have access to user data and images. To assess how well their AI models are performing, AI companies routinely review a sample of user interactions, including ones with uploaded photos. This is known as human-in-the-loop oversight. That means that even if a user deletes a chatbot conversation, that chat, and all its visual and other elements, might have already been flagged for human review.
This might seem innocuous if you are uploading, say, a picture of a garden plant or a close-up of your arm with that rash. The issue is that images reveal far more information than users intend to share. They contain embedded metadata that include details such as the location and time a photo was taken.
Meanwhile, high-resolution photos containing an environmental background could capture readable views of documents or credit cards that happen to be on a desk or counter. There also could be identifying details about homes and workplaces or the biometrics of other people in a photo.
The upshot is that if AI companies don’t strip out the metadata from uploaded images, they end up with a trove of data about your routines, locations and other things—information that a company might use to improve its AI models, says Jennifer King, a privacy and data policy fellow at Stanford University’s Institute for Human-Centered Artificial Intelligence.
That means chatbot users are, in some cases, unknowingly providing free training data to AI companies—something they might not consent to if given a choice.
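The embedded metadata described above sits in identifiable JPEG segments, so a user can check for it and remove it locally before uploading. The Python code below is an added example, not part of the original article; the function names and the sample bytes are constructed for illustration, and it assumes a JPEG whose EXIF block lists the timestamp and GPS pointer in its first directory (IFD0).

```python
import struct

DROP = {0xE1, 0xED, 0xFE}  # APP1 (EXIF/XMP), APP13 (IPTC), COM (free-text comment)
TAG_DATETIME, TAG_GPS = 0x0132, 0x8825  # IFD0 tags: timestamp, pointer to GPS block

def segments(data):
    """Yield (marker, payload, raw) per JPEG segment; compressed scan data comes last."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: everything after is pixel data
            yield marker, b"", data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, data[pos + 4:pos + 2 + length], data[pos:pos + 2 + length]
        pos += 2 + length

def ifd0_tags(payload):
    """Return the tag ids listed in the first EXIF directory (IFD0) of an APP1 payload."""
    if not payload.startswith(b"Exif\x00\x00"):
        return set()  # APP1 can also hold XMP, which has no IFD
    tiff = payload[6:]
    bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    (ifd0,) = struct.unpack(bo + "I", tiff[4:8])
    (count,) = struct.unpack(bo + "H", tiff[ifd0:ifd0 + 2])
    return {struct.unpack(bo + "H", tiff[o:o + 2])[0] for o in range(ifd0 + 2, ifd0 + 2 + 12 * count, 12)}

def strip_metadata(data):
    """Return (JPEG bytes without metadata segments, [(marker, has_gps, has_time), ...])."""
    out, findings = [b"\xff\xd8"], []
    for marker, payload, raw in segments(data):
        if marker in DROP:
            tags = ifd0_tags(payload) if marker == 0xE1 else set()
            findings.append((marker, TAG_GPS in tags, TAG_DATETIME in tags))
        else:
            out.append(raw)
    return b"".join(out), findings

def sample_jpeg():
    """Constructed sample: JFIF header, EXIF (DateTime + GPS pointer), dummy scan data."""
    seg = lambda m, p: bytes([0xFF, m]) + struct.pack(">H", len(p) + 2) + p
    ifd = struct.pack(">HHHIIHHII", 2, TAG_DATETIME, 2, 20, 38, TAG_GPS, 4, 1, 58)
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd + bytes(4) + b"2025:09:03 17:00:00\x00" + bytes(6)
    return (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01" + bytes(7)) + seg(0xE1, b"Exif\x00\x00" + tiff)
            + b"\xff\xda\x00\x08scan\xff\xd9")
```

This removes only the embedded metadata segments; anything visible in the frame, such as a document on a desk or a face, is untouched and still has to be cropped or left out.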
What’s the policy?
All that metadata and other identifying information exist alongside inconsistent policies about how companies handle the images themselves.
Research on AI developers conducted by King found varying approaches. Microsoft doesn’t train on images put into its AI assistant, Copilot. Neither does Anthropic, the maker of the Claude AI models, according to the research. OpenAI, the creator of ChatGPT, trains on all the data unless users opt out. Spokespeople for Microsoft and OpenAI confirmed those approaches. A spokesperson for Anthropic says the company has updated its policy to require users to decide whether their data can be used to train and refine systems.
King’s research also found that Meta AI users in the U.S. don’t have an option to opt out. A spokesperson for Meta Platforms wouldn’t confirm what was found in King’s research and pointed to its privacy center on Facebook for its policy on how Meta uses information for generative AI models and features.
Reduce Your Exposure
Practical steps to take before uploading images to AI
Review the AI platform’s data usage and training defaults
Turn off chat history
Don’t upload images that give away identifying information such as an address
Don’t upload images you wouldn’t want shared or reused
While a vacation photo or recipe snapshot might blend into the massive amount of data these AI systems process, some images have a higher risk of being memorized by the systems—and, thus, end up appearing in chatbot results in a recognizable form. Hoffman-Andrews, of the Electronic Frontier Foundation, points to two categories: images that appear thousands of times online, such as the famous “Afghan Girl” photograph, which many early AI systems can reproduce perfectly; and images with highly distinctive features that make them statistical outliers.
For typical AI users, exact reproductions of their personal photos by AI systems are unlikely, Hoffman-Andrews says. But an AI system doesn’t need a perfect reproduction to create a privacy issue. It might generate an image close enough to be recognizable—one that includes the same distinctive birthmark, visible medical condition or a combination of features that could make that reproduction identifiable to others.
Other images at risk of being memorized by AI systems are those used to generate anime characters, age people’s faces or create professional headshots. That’s because those apps typically require clear, high-quality images of a person’s face—a unique image with biometric data.
Even for privacy-conscious users, confusing defaults or unclear interfaces also can lead to unintended exposure of images. When Meta launched its AI chatbot app earlier this year, for example, users discovered that some conversations—complete with uploaded photos and real names—were being posted to a public feed visible to anyone using the app. A Meta spokesperson says there was a multistep process in place and users could unshare chats at any time.
Unintended uses
The longer-term risk is that today’s image uploads could eventually be reused in ways that feel out of step with the original purpose, says Sarah Myers West, co-director of the AI Now Institute, which studies the impact of AI on society.
Microsoft, Anthropic, Meta and OpenAI say they don’t allow third-party distribution of the data.
West says that while companies may not sell data to third parties, they often do retain uploaded images. And users can’t predict how such images will be used as AI capabilities and business strategies evolve.
“Whatever you are uploading is going to have a life that goes far beyond just the moment that you are using the system,” she says.
Jackie Snow is a writer in Los Angeles. She can be reached at