Jo Etzel<p>I'm now pretty convinced that box AI does (at least sometime) leak information. </p><p>A copy of the two chats and my test file is at <a href="https://mvpa.blogspot.com/2025/03/fun-with-box-ai-information-leakage.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mvpa.blogspot.com/2025/03/fun-</span><span class="invisible">with-box-ai-information-leakage.html</span></a></p><p>Evidence: in session 1 with a file I told box AI that the "white" subjects were "silly" and that the ages were given in days. In session 2 (four days later, different computer, different network) I started a new box AI session with the file, and it answered "how old are the silly subjects in years?" with the "white" subject ID codes, and converted the ages from days to years without being given those details again.</p><p>The box AI chats do not reproduce exactly every time, even with the same questions about the same file. But that it ever "remembered" things like "silly = white" across sessions (and users, in tests with colleagues) is deeply concerning in my context of protecting participant privacy.</p><p><a href="https://fediscience.org/tags/box" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>box</span></a> <a href="https://fediscience.org/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://fediscience.org/tags/boxAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boxAI</span></a> <a href="https://fediscience.org/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://fediscience.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>